Assessing Security Requirements for Controlled Unclassified Information

Date Published: November 9, 2023
Comments Due: January 26, 2024 (public comment period is CLOSED)
Email Questions to: 800-171comments@list.nist.gov

Planning Note (12/13/2023):

The public comment period has been extended to January 26, 2024.

Author(s)

Ron Ross (NIST), Victoria Pillitteri (NIST)

Announcement

This initial public draft is being released along with NIST SP 800-171r3 fpd (final public draft). 

In addition to reflecting the security requirements in NIST SP 800-171r3 fpd, the following significant changes have been made:

• Restructured the assessment procedure syntax to align with NIST SP 800-53A
• The addition of a references section to provide source assessment procedures from NIST SP 800-53A
• A one-time change to the publication version number (skipping “Revision 2”) to align with NIST SP 800-171r3

Submit Your Comments

The public comment period is open now through January 12 January 26, 2024. We strongly encourage you to use this comment template if possible, and submit it to 800-171comments@list.nist.gov.

Reviewers are encouraged to comment on all or parts of draft NIST SP 800-171A, Revision 3. NIST is specifically interested in comments, feedback, and recommendations for the following topics:

• The alignment of the assessment procedures to NIST SP 800-53A
• The use of organization-defined parameters (ODPs) in the assessment procedures
• The ease-of-use of the assessment

Comments received in response to this request will be posted on the Protecting CUI project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed.

Please direct questions and comments to 800-171comments@list.nist.gov.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

Control Families

None selected