Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-171 Rev. 1

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Date Published: December 2016 (Updated 11/28/2017)

Supersedes: SP 800-171 Rev. 1 (12/20/2016)


Ron Ross (NIST), Patrick Viscuso (NARA), Gary Guissanie (IDA), Kelley Dempsey (NIST), Mark Riddle (NARA)



Contractor Systems; Controlled Unclassified Information; CUI Registry; Derived Security Requirement; Executive Order 13556; FIPS Publication 199; FIPS Publication 200; FISMA; NIST Special Publication 800-53; Nonfederal Systems; Security Assessment; Security Control; Security Requirement
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; System and Communications Protection; System and Information Integrity


SP 800-171 Rev. 1 (11/28/2017)

Supplemental Material:
None available

Document History:
11/28/17: SP 800-171 Rev. 1