Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-171

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

Date Published: June 2015 (Updated 1/14/2016)

Withdrawn: December 20, 2017

Planning Note (12/20/2017):

This original version of SP 800-171 was withdrawn on 12/20/2017, one year after the release of SP 800-171 Revision 1.

Superseded By: SP 800-171 Rev. 1 (December 2016)
Supersedes: SP 800-171 (June 2015 (includes updates as of September 03, 2015))


Ron Ross (NIST), Kelley Dempsey (NIST), Patrick Viscuso (NARA), Mark Riddle (NARA), Gary Guissanie (IDA)



CUI Registry; Executive Order 13556; FIPS Publication 199; FIPS Publication 200; FISMA; NIST SP 800-53; Nonfederal Information Systems; Security Control; Security Requirement; Derived Security Requirement; Security Assessment; Controlled Unclassified Information; Contractor Information Systems
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; System and Communications Protection; System and Information Integrity;