Search CSRC

On June 6, 2023, NIST will host a webinar to provide an overview of the significant changes in NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This revision to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Draft SP 800-171, Revision 3 is currently available for public comment through July 14, 2023....

Abstract: This introductory guide provides small businesses with a high level overview of NIST Special Publication (SP) 800-171 Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The document is broken up into two separate sections. The first few pages provide...

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication pro...

Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective. Recent Updates August 18, 2025: NIST has released a small business primer to supplement SP 800-171 Revision 3, to help smaller, under-resourced organizations better protect Controlled Unclassified Information (CUI). This resource...

Recent Updates August 27, 2025: In response to Executive Order 14306, NIST SP 800-53 Release 5.2.0 has been finalized and is now available on the Cybersecurity and Privacy Reference Tool. Release 5.2.0 includes changes to SP 800-53 and SP 800-53A, there are no changes to the baselines in SP 800-53B. A summary of the changes is available, and replaces the "preview version" issued on August 22 (no longer available). August 22, 2025: A preview of the updates to NIST SP 800-53 (Release 5.2.0) is available on the Public Comment Site. This preview will be available until NIST issues...

Mappings to NIST Documents The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts (SMEs) in defining standardized online informative references (OLIRs) between elements of their documents, products, and services and elements of NIST documents like the Cybersecurity Framework Version 1.1, Privacy Framework Version 1.0, NISTIR 8259A, or NIST SP 800-53 Revision 5. The NIST Internal Report (IR) 8278, R1 – National Online Informative References (OLIR) Program: Overview, Benefits, and Use focuses on explaining what OLIRs are, what benefits...

Type: Presentation

Type: Presentation

On July 19, 2022, NIST announced its intention to update the series of special publications dedicated to the Protection of Controlled Unclassified Information (CUI). Many changes are actively under consideration reflecting the current thinking of NIST after extensive review and analyses of the public comments. Based on the feedback received, inputs from workshops and conferences, and discussions with federal agencies, the changes under consideration include: Streamlining the Introduction and Fundamentals sections of the document Withdrawing requirements that are either outdated, no longer...

Driver for the National Checklist Program. The National Archives and Records Administration (NARA) is sponsoring a FAR clause regarding SP 800-171.

Abstract: The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides federal agencies with recommended security...

Abstract: The protection of Controlled Unclassified Information (CUI) is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides organizations with assessment procedures an...

Abstract: The protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations is important to federal agencies and can directly impact the ability of the Federal Government to successfully carry out its assigned missions and business operations. This publication provides federa...

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions. This publication pro...

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations. This public...

Abstract: [The errata update includes minor editorial changes to selected CUI security requirements, some additional references and definitions, and a new appendix that contains an expanded discussion about each CUI requirement.] The protection of Controlled Unclassified Information (CUI) resident in nonfede...

Abstract: The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations. This public...

Abstract: The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business o...

Abstract: The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business o...

Abstract: The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business o...

Abstract: The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business o...

Abstract: The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business o...

NIST developed category consists of submissions developed by NIST staff or contractors. Select from overlays listed below for more information and to access the overlay. Overlay Name / Version Author / Point of Contact Technology or System Comment SP 800-82 v1 / Version 2 Author: Keith Stouffer PoC: Keith Stouffer x1234 Industrial Control System The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include...

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 Purpose Enhanced security requirements to help protect the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI) associated with critical programs or high value assets from the advanced persistent threat (APT). Scope The enhanced security requirements in NIST SP 800-172 are supplemental and do not impact the basic and derived security requirements contained in NIST SP 800-171, nor the scope of the implementation of the NIST...

What have we been up to? Here are some of the latest updates… We are currently in Phase 1 of updating the CPRT roadmap tool. Stay tuned as NIST adds reference data from other publications to this tool and develops features to interact with the data in new ways in the future. Recent CPRT Additions: 02/19/2026 | NIST AI 100-2 E2025, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations 02/19/2026 | AI RMF 1.0, Artificial Intelligence Risk Management Framework 02/19/2026 | NIST SP 800-60 Vol. 2 Rev. 1, Guide for Mapping Types of Information and Information...