Today, NIST announced the release of draft Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information. This publication is a companion tool for NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the security requirements in NIST SP 800-171.
This objective is accomplished by:
- Providing flexible and tailorable assessment procedures for the CUI security requirements;
- Defining assessment objectives to help guide and inform the assessment;
- Specifying assessment methods that can be used to generate evidence and produce findings and results;
- Describing a set of assessment objects to which the methods can be applied;
- Facilitating different levels of assurance in security assessments by varying the scope and rigor of the assessment through selectable depth and coverage attributes; and
- Providing supplemental guidance to explain and interpret the CUI security requirements.
Your feedback on this draft publication is important to us and to NIST. We and NIST appreciate each contribution from reviewers. The very insightful comments from the public and private sectors, nationally and internationally, will continue to help shape the final publication to ensure that it meets the needs and expectations of our customers.
The public comment period is November 28 through December 27, 2017. Comments can be submitted to firstname.lastname@example.org using the comment template. NIST anticipates publishing the final version of this publication in the Spring of 2018.