Date Published: February 2020 (includes updates as of January 28, 2021)
Supersedes:
SP 800-171 Rev. 2 (02/21/2020)
Planning Note (4/13/2022):
The security requirements in SP 800-171 Revision 2 are available in multiple data formats. The PDF of SP 800-171 Revision 2 is the authoritative source of the CUI security requirements. If there are any discrepancies noted in the content between the CSV, XLSX, and the SP 800-171 PDF, please contact sec-cert@nist.gov and refer to the PDF as the normative source.
** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.
Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; System and Communications Protection; System and Information Integrity
Publication:
SP 800-171 Rev. 2 (DOI)
Local Download
Supplemental Material:
Security Requirements Spreadsheet (xls)
Security Requirements CSV (other)
README for CSV (txt)
CUI Plan of Action template (word)
CUI SSP template **[see Planning Note] (word)
Mapping: Cybersecurity Framework v.1.0 to SP 800-171 Rev. 2 (xls)
Other Parts of this Publication:
SP 800-171A
Related NIST Publications:
Document History:
01/28/21: SP 800-171 Rev. 2 (Final)
Security and Privacy
audit & accountability; awareness training & education; maintenance; security controls; threats
Laws and Regulations
Federal Acquisition Regulation; Federal Information Security Modernization Act