-
Purpose
NIST 800-171 provides security requirements for the protection of controlled unclassified information (CUI) on nonfederal systems.
-
Confidentiality
NIST 800-171 is laser focused on confidentiality. Its requirements do not account for availability and integrity.
-
System Security Plan
NIST 800-171 requires a system security plan (SSP) demonstrating how the entity has implemented the security controls.
-
NIST 800-53 & FIPS 200
NIST 800-171's 110 security requirements are derived from NIST 800-53 and FIPS 200.
-
14 Control Families
NIST 800-171 groups its security requirements into 14 families including access control, configuration management, and physical protection.
-
NFO Controls
NIST 800-171's appendix includes 61 non-federal organization (NFO) controls. NIST tailored these controls out because they assume they are implemented.
NIST 800-171A
Learn about NIST 800-171A and explore its assessment procedures.
CMMC 2.1
Learn about the CMMC and explore its requirements.
What is the purpose of NIST 800-171?
NIST 800-171 provides security requirements for CUI on nonfederal systems.
Why do I need to implement NIST 800-171?
How can I find training on NIST 800-171?
How many controls does NIST 800-171 have?
Where did the NIST 800-171 controls come from?
Where can I find a list of the NIST 800-171 controls?
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!