Open for Public Comment: Draft NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

The initial public draft (IPD) of NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, is available for public comment and review through July 14, 2023.


This update to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Many trade-offs have been made to ensure that the technical and non-technical requirements have been stated clearly and concisely while also recognizing the specific needs of both federal and nonfederal organizations.


Significant changes NIST SP 800-171, Revision 3 include:


Updates to the security requirements and families to reflect updates in NIST SP 800-53, Revision 5 and the NIST SP 800-53B moderate control baseline
Updated tailoring criteria
Increased specificity for security requirements to remove ambiguity, improve the effectiveness of implementation, and clarify the scope of assessments
Introduction of organization-defined parameters (ODP) in selected security requirements to increase flexibility and help organizations better manage risk
A prototype CUI overlay

In addition to the draft publication, NIST has issued an FAQ, a detailed analysis of the changes between Revision 2 and Revision 3, and a prototype CUI Overlay. All are available on the publication details page, under "Supplemental Material."


NIST will also host a webinar on June 6, 2023 to provide an overview of the significant changes to SP 800-171, Revision 3. Registration information will be announced separately through a GovDelivery announcement and on the Protecting CUI project site.


Submit Your Comments


The public comment period i ..

Support the originator by clicking the read the rest link below.