NIST SP 800-171 Protecting Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations

NIST has drafted Special Publication 800-171 that is titled: Protecting Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations.

The intent of this special publication is to provide a minimal set of security controls for Non-Federal Information Systems and Organizations AKA “Federal Contractors and their back end information systems utilized to deliver services to the Federal Government”.

The SP 800-171 has a familiar look and feel of that used in SP 800-53, the only difference being that there are less families of control and less controls as a whole.

It is expected that Federal Agencies will begin integrating 800-171 compliance at the individual contract level until a FAR (Federal Acquisition Regulation) is completed.

Aspiryon provides NIST 800-171 Compliance and Audit Services for Federal Contractor Systems and Organizations.