https://cooey.wiki/index.php?action=history&feed=atom&title=NIST_800-171NIST 800-171 - Revision history2026-05-01T08:48:21ZRevision history for this page on the wikiMediaWiki 1.42.3https://cooey.wiki/index.php?title=NIST_800-171&diff=37&oldid=prevMarieramsay at 22:39, 29 September 20242024-09-29T22:39:35Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 22:39, 29 September 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l25">Line 25:</td>
<td colspan="2" class="diff-lineno">Line 25:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* System and Communications Protection</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* System and Communications Protection</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* System and Information Integrity</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* System and Information Integrity</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Compliance and Implementation:'''</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>'''Compliance and Implementation:'''</div></td></tr>
<!-- diff cache key cooey_mediawiki-mw_:diff:1.41:old-36:rev-37:php=table -->
</table>Marieramsayhttps://cooey.wiki/index.php?title=NIST_800-171&diff=36&oldid=prevMarieramsay: Created page with "[https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final NIST 800-171], officially titled "Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations," is a publication developed by the National Institute of Standards and Technology (NIST). It provides a set of guidelines and security requirements for protecting sensitive but unclassified information, specifically Controlled Unclassified Information (CUI), when it is stored or transmitted by..."2024-09-29T22:39:17Z<p>Created page with "[https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final NIST 800-171], officially titled "Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations," is a publication developed by the National Institute of Standards and Technology (NIST). It provides a set of guidelines and security requirements for protecting sensitive but unclassified information, specifically Controlled Unclassified Information (CUI), when it is stored or transmitted by..."</p>
<p><b>New page</b></p><div>[https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final NIST 800-171], officially titled "Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations," is a publication developed by the National Institute of Standards and Technology (NIST). It provides a set of guidelines and security requirements for protecting sensitive but unclassified information, specifically Controlled Unclassified Information (CUI), when it is stored or transmitted by nonfederal (private sector) systems.<br />
<br />
Key points of NIST 800-171 include:<br />
<br />
'''Scope and Purpose:'''<br />
<br />
NIST 800-171 was created to help contractors and other nonfederal entities meet security requirements when handling CUI in their IT systems and networks, especially when doing business with the federal government.<br />
CUI includes sensitive information related to defense, research, financial data, and other areas that could impact national security or privacy if mishandled.<br />
<br />
'''14 Security Families:'''<br />
<br />
The document organizes 110 security controls into 14 families, which cover areas like access control, incident response, system and communications protection, media protection, and risk assessment. The security families are:<br />
* Access Control<br />
* Awareness and Training<br />
* Audit and Accountability<br />
* Configuration Management<br />
* Identification and Authentication<br />
* Incident Response<br />
* Maintenance<br />
* Media Protection<br />
* Personnel Security<br />
* Physical Protection<br />
* Risk Assessment<br />
* Security Assessment<br />
* System and Communications Protection<br />
* System and Information Integrity<br />
<br />
'''Compliance and Implementation:'''<br />
<br />
Federal contractors, especially those working with the Department of Defense (DoD), must comply with NIST 800-171 when they handle CUI. It is part of broader cybersecurity requirements like the Cybersecurity Maturity Model Certification (CMMC).<br />
Companies must assess their systems against the requirements, identify gaps, and take corrective actions to meet the necessary <br />
security standards.<br />
<br />
'''DFARS 252.204-7012:'''<br />
<br />
The Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 mandates that defense contractors must implement NIST 800-171 to protect CUI. Failure to comply can result in penalties or disqualification from government contracts.<br />
NIST 800-171 is important for contractors because it ensures that sensitive government data remains protected, even when it's outside government systems. This standard helps strengthen the security posture of organizations working with the federal government, particularly in industries like defense and aerospace.</div>Marieramsay