NIST 800-171

Protecting Controlled Unclassified Information in non-federal systems

NIST Special Publication 800-171 provides requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations.

Control Families

  • Access Control - Limiting system access to authorized users
  • Awareness and Training - Security awareness for personnel
  • Audit and Accountability - Creating and protecting audit records
  • Configuration Management - Establishing and maintaining baseline configurations
  • Identification and Authentication - Identifying and authenticating users
  • Incident Response - Establishing incident handling capabilities
  • Maintenance - Performing system maintenance
  • Media Protection - Protecting and sanitizing media
  • Personnel Security - Screening individuals prior to access
  • Physical Protection - Limiting physical access
  • Risk Assessment - Assessing operational risk
  • Security Assessment - Assessing security controls
  • System and Communications Protection - Protecting communications
  • System and Information Integrity - Identifying and managing flaws

Key Requirements

  • 110 security requirements across 14 families
  • Basis for CMMC Level 2 certification
  • Required for DoD contractors handling CUI
  • Self-assessment and POA&M development
  • Integration with System Security Plans (SSP)