NIST 800-171 r2

Learn about NIST 800-171 r2 and explore its 110 security requirements.

  • Purpose

    NIST 800-171 provides security requirements for the protection of controlled unclassified information (CUI) on nonfederal systems.

  • Confidentiality

    NIST 800-171 is laser focused on confidentiality. Its requirements do not account for availability and integrity.

  • System Security Plan

    NIST 800-171 requires a system security plan (SSP) demonstrating how the entity has implemented the security controls.

  • NIST 800-53 & FIPS 200

    NIST 800-171's 110 security requirements are derived from NIST 800-53 and FIPS 200.

  • 14 Control Families

    NIST 800-171 groups its security requirements into 14 families including access control, configuration management, and physical protection.

  • NFO Controls

    NIST 800-171's appendix includes 61 non-federal organization (NFO) controls. NIST tailored these controls out because they assume they are implemented.

NIST 800-171 / CMMC Training
Available Now!

NIST 800-171A

Learn about NIST 800-171A and explore its assessment procedures.

CMMC 2.1

Learn about the CMMC and explore its requirements.

NIST 800-171 provides security requirements for CUI on nonfederal systems.

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!