Date Published: December 2016 (updated 06/07/2018)
Planning Note (2/21/2020):
Note 1: SP 800-171 Rev. 1 has been superseded by SP 800-171 Rev. 2, and will be withdrawn in one year, on February 21, 2021.
Note 2: Documentation > Supplemental Material > CUI SSP template:
** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.
Superseded By: SP 800-171 Rev. 2 (02/21/2020)
Supersedes: SP 800-171 Rev. 1 (02/20/2018)
, , , ,
Keywords contractor systems; Controlled Unclassified Information; CUI Registry; derived security requirement; Executive Order 13556; FIPS Publication 199; FIPS Publication 200; FISMA; NIST Special Publication 800-53; nonfederal systems; security assessment; security control; security requirement
Audit and Accountability;
Awareness and Training;
Identification and Authentication;
Physical and Environmental Protection;
System and Communications Protection;
System and Information Integrity;