Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-171

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

Date Published: June 2015 (Updated 1/14/2016)

Supersedes: SP 800-171 (10/01/2015)

Planning Note (12/20/2017):

This original version of SP 800-171 was withdrawn on 12/20/2017, one year after the release of SP 800-171 Revision 1.


Author(s)

Ron Ross (NIST), Kelley Dempsey (NIST), Patrick Viscuso (NARA), Mark Riddle (NARA), Gary Guissanie (IDA)

Abstract

Keywords

CUI Registry; Executive Order 13556; FIPS Publication 199; FIPS Publication 200; FISMA; NIST SP 800-53; Nonfederal Information Systems; Security Control; Security Requirement; Derived Security Requirement; Security Assessment; Controlled Unclassified Information; Contractor Information Systems
Control Families

Access Control; Awareness and Training; Audit and Accountability; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Physical and Environmental Protection; Personnel Security; System and Communications Protection; System and Information Integrity

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-171
Download URL

Supplemental Material:
Press Release (06-19-2015)

Document History:
01/21/16: SP 800-171 (Final)