NIST 800-171A

Learn about NIST 800-171A and explore its related security requirements.

  • Purpose

    NIST 800-171A provides assessment procedures that are used during assessments of the NIST 800-171 security requirements.

  • One-to-Many Relationship

    Most security requirements contain multiple testable requirements, and as a result they have many determination statements.

  • Self-Assessments

    It is critical to self-assess using the assessment procedures. An auditor will be using them, and you need to self-assess using the same level of rigor.

  • 320 Determination Statements

    NIST 800-171A includes 320 determination statements.

NIST 800-171A Assessment Procedure Structure

Assessment Procedure

An assessment procedure contains the following:

  1. A security requirement
  2. An assessment objective and its associated determination statements
  3. Assessment methods and objects

NIST 800-171 Requirement

This is the NIST 800-171 ID and requirement language that will be assessed.

Assessment Objective

The assessment objective contains determination statements.

Determination Statements

Each determination statement has an identifier (e.g., 3.1.3[b]) and a statement that will be assessed.

The determination statements are granular and decompose the requirement language into distinct testable statements.

There is usually more than one determination statement per assessment objective.

Assessment Methods and Objects

The assessment methods and objects contain guidance on how the requirement can be assessed.

Assessment Methods

The assessment methods include the following:

  1. Examine
  2. Interview
  3. Test

Assessment Objects

The assessment objects are listed in the text after the assessment method (i.e., examine, interview, or test).

What is the purpose of NIST 800-171A?

NIST 800-171A provides assessment procedures for the security requirements in NIST 800-171.

What are assessment procedures?

An assessment procedure consists of an assessment objective, the objective's determination statement(s), and a set of potential assessment methods and assessment objects that can be used to conduct the assessment.

What are assessment objectives?

Assessment objectives are containers for determination statements.

What are determination statements?

Determination statements are the individual tests included in an assessment objective. An example of a determination statement is 3.1.1[a]: "Authorized users are identified."
