What Is It?

NIST SP 800-171 is a relatively new NIST publication that addresses the requirements for the protection of Controlled
Unclassified Information (CUI)
. Both the CUI designation and the NIST 800-171 framework are intended to standardize and replace previously existing designations and frameworks used to protect this type of sensitive information. NIST 800-171
specifies a group of 114 controls that are deemed Basic and Derived.

NIST SP 800-171 provides federal agencies with regulations for protecting the confidentiality of CUI when:

CUI resides in nonfederal information systems/organizations.

CUI resides in information systems not operated by contractors of federal agencies or organizations on behalf of federal agencies.

There are no specific regulations for the protection and maintenance of CUI confidentiality
prescribed by the authorizing law, regulation, or government-wide policy for the CUI category
or subcategory listed in the CUI Registry.

The NIST requirements apply to all components of nonfederal information systems and organizations that:

process, store, or transmit CUI, or provide security protection for such components.

The following outlines MegaplanIT’s proven NIST SP 800-171 methodology.

NIST SP 800-171 Assessment Approach

(Click the numbers below to view each phase description.)

Select an assessment from the dropdown menu for more information.