Purpose
NIST 800-171A provides the assessment procedures used to assess the security requirements in NIST 800-171.
1-Many Relationship
Most security requirements decompose into several testable elements, so a single requirement usually has many determination statements (a one-to-many relationship). A requirement is found satisfied only when every one of its determination statements is satisfied; one unmet statement leaves the whole requirement unmet.
Self-Assessments
Self-assess using the assessment procedures, not just the requirement text. An assessor will walk through the same determination statements, so your self-assessment needs the same level of rigor.
320 Determination Statements
NIST 800-171A contains 320 determination statements covering the 110 security requirements.
NIST 800-171A Assessment Procedure Structure
Assessment Procedure
An assessment procedure contains the following:
- A security requirement
- An assessment objective and its associated determination statements
- Assessment methods and objects
NIST 800-171 Requirement
This is the NIST 800-171 ID and requirement language that will be assessed.
Assessment Objective
The assessment objective is expressed as a set of determination statements.
Determination Statements
Each determination statement has an identifier (e.g., 3.1.3[b]) and a statement that will be assessed as satisfied or other than satisfied.
The determination statements are granular: they decompose the requirement language into distinct, individually testable statements.
There is usually more than one determination statement per assessment objective.
Assessment Methods and Objects
The assessment methods and objects describe how the requirement can be assessed and what evidence to assess.
Assessment Methods
The assessment methods are:
- Examine (review specifications, mechanisms, or activities, such as policies, configurations, and records)
- Interview (discuss with individuals or groups, such as administrators and system owners)
- Test (exercise mechanisms or activities to compare actual behavior with expected behavior)
Assessment Objects
The assessment objects are the items listed in the text AFTER each assessment method (examine / interview / test). They are the specifications, mechanisms, activities, and individuals the method is applied to, and they are the concrete evidence an assessor will ask for.
What is the purpose of NIST 800-171A?
NIST 800-171A provides assessment procedures for the security requirements in NIST 800-171.
What are assessment procedures?
An assessment procedure pairs a NIST 800-171 security requirement with an assessment objective (its determination statements) and the assessment methods and objects used to assess it.
What are assessment objectives?
An assessment objective is the set of determination statements that, taken together, establish whether a security requirement is satisfied.
What are determination statements?
Determination statements are the granular, individually testable statements (identified like 3.1.3[b]) into which a requirement is decomposed; NIST 800-171A has 320 of them.