Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-171A

Assessing Security Requirements for Controlled Unclassified Information

Date Published: June 2018

Planning Note (04/13/2022):

The assessment procedures in SP 800-171A are available in multiple data formats. The PDF of SP 800-171A is the authoritative source of the assessment procedures. If there are any discrepancies noted in the content between the CSV, XLSX, and the SP 800-171A PDF, please contact and refer to the PDF as the normative source.

CUI SSP template

** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.


Ron Ross (NIST), Kelley Dempsey (NIST), Victoria Pillitteri (NIST)



assessment; assessment method; assessment object; assessment procedure; assurance; basic security requirement; Controlled Unclassified Information; coverage; CUI Registry; depth; derived security requirement; Executive Order 13556; FISMA; NIST Special Publication 800-53; NIST Special Publication 800-53A; nonfederal organization; nonfederal system; security assessment; security control
Control Families

None selected