Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-171 Rev. 2 (DRAFT)

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Date Published: June 2019
Comments Due: August 2, 2019 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov

Author(s)

Ron Ross (NIST), Victoria Pillitteri (NIST), Kelley Dempsey (NIST), Mark Riddle (NARA), Gary Guissanie (IDA)

Announcement

Draft NIST SP 800-171 Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices. There are no changes to the basic and derived security requirements in Chapter Three. For ease of use, the Discussion sections, previously located in Appendix F (SP 800-171 Revision 1), have been relocated to Chapter Three to coincide with the basic and derived security requirements.

We encourage you to use the comment template provided when submitting your comments.

Also see Draft SP 800-171B, comment period July 19, 2019 has been extended to Friday, August 2, 2019.

NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

basic security requirement; contractor systems; Controlled Unclassified Information; CUI Registry; derived security requirement; Executive Order 13556; FIPS Publication 199; FIPS Publication 200; FISMA; NIST Special Publication 800-53; ronfederal organizations; nonfederal systems; security assessment; security control; security requirement
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; System and Communications Protection; System and Information Integrity;