SP 800-171

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

Date Published: June 2015


Ron Ross (NIST), Kelley Dempsey (NIST), Patrick Viscuso (NARA), Mark Riddle (NARA), Gary Guissanie (IDA)



Controlled Unclassified Information; CUI Registry; Executive Order 13556; FIPS Publication 199; FIPS Publication 200; FISMA; NIST SP 800-53; Nonfederal Information Systems; Security Control; Security Requirement; Derived Security Requirement; Contractor Information Systems; Security Assessment
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; System and Communications Protection; System and Information Integrity


Final Draft SP 800-171 (Apr. 2015)
SP 800-171 (6/18/2015)

Supplemental Material:
SP 800-171 (6/18/2015) (pdf)
Initial Draft SP 800-171 (Nov. 2014) (pdf)

Document History:
06/18/15: SP 800-171
10/01/15: SP 800-171