Why would you want to deploy NIST SP 800-171?

What is NIST SP 800-171?

NIST SP 800-171 is a set of security standards issued by the US National Institute of Standards and Technology (NIST). It is aimed at protecting controlled unclassified information (CUI) in non-federal information systems and organizations. The standard defines security requirements for 14 families of security controls, including access control, incident response, and system and communications protection. Organizations that handle CUI must comply with these requirements to ensure the confidentiality and security of sensitive information.

How many security controls are required for NIST 800-171?

NIST SP 800-171 requires the implementation of 110 security controls. These controls are organized into 14 control families and are intended to provide a comprehensive security framework for the protection of controlled unclassified information (CUI) in non-federal information systems and organizations. The 14 control families include access control, awareness and training, audit and accountability, configuration management, identification and authentication, incident response, maintenance, media protection, physical protection, personnel security, security assessment, security management, system and communications protection, and system and information integrity.

What types of data can be hosted under NIST 800-171?

NIST SP 800-171 is designed to protect controlled unclassified information (CUI) hosted in non-federal information systems and organizations. CUI refers to information that requires safeguarding or dissemination controls and that either (1) is marked or otherwise identified in the organization’s information management procedures as requiring protection under law, regulations, or government-wide policy, or (2) requires protection for national security purposes.

Examples of CUI include but are not limited to:

  • Personally identifiable information (PII)
  • Export control information
  • Contractor proprietary information
  • Intellectual property
  • Law enforcement sensitive information
  • Financial information
  • Protected health information (PHI)

Organizations that handle CUI are required to comply with NIST SP 800-171 security requirements to ensure the confidentiality and security of sensitive information.

Which US branch approves NIST 800-171?

NIST SP 800-171 is issued by the National Institute of Standards and Technology (NIST), which is an agency of the United States Department of Commerce. NIST is responsible for developing standards, guidelines, and best practices for information technology, including cybersecurity, to ensure the security and reliability of information systems used by the government and other organizations. NIST SP 800-171 is a widely recognized and adopted security standard, and organizations handling controlled unclassified information (CUI) are expected to comply with its requirements.

Are you eager to unlock the full potential of your Federal Compliance journey?

We can provide guidance, tips and tricks with RiskGuardian360.

Our team is highly committed.

Our team possesses a strong passion for federal compliance.

Therefore, we have walked the trial-and-error path in our own federal compliance journey and have built an application that uses AI to aid in federal compliance.