U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-171A

Assessing Security Requirements for Controlled Unclassified Information

Date Published: June 2018

Planning Note (6/13/2018):

Documentation > Supplemental Material > CUI SSP template:

** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.


Ron Ross (NIST), Kelley Dempsey (NIST), Victoria Pillitteri (NIST)



assessment; assessment method; assessment object; assessment procedure; assurance; basic security requirement; Controlled Unclassified Information; coverage; CUI Registry; depth; derived security requirement; Executive Order 13556; FISMA; NIST Special Publication 800-53; NIST Special Publication 800-53A; nonfederal organization; nonfederal system; security assessment; security control
Control Families

None selected


SP 800-171A (DOI)
Local Download

Supplemental Material:
CUI SSP template **[see Planning Note] (word)
CUI Plan of Action template (word)

Other Parts of this Publication:
SP 800-171 Rev. 2

Related NIST Publications:
ITL Bulletin

Document History:
11/28/17: SP 800-171A (Draft)
02/20/18: SP 800-171A (Draft)
06/13/18: SP 800-171A (Final)