NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements
This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.
- NIST SP 800-171 DoD Assessment Methodology Version 1.2.1
NIST SP 800-171 DoD Assessment Methodology rev 1.2.1, dated June 24, 2020, documents a standard methodology that enables a strategic assessment of a contractor’s implementation of NIST SP 800-171, a requirement for compliance with DFARS clause 252.204-7012. Updates made to rev 1.2 dated June 10, 2020: Section 4 was updated to address changes made due to COVID-19, and Annex B was updated to address changes made in the Supplier Performance Risk System (SPRS).
- NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
NIST SP 800-171 provides federal agencies with a set of recommended security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) when such information is resident in nonfederal systems and organizations.
- NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information
The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.
- NIST SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171
NIST SP 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of CUI: (1) when the CUI is resident in a nonfederal system and organization, (2) when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency, and (3) where there are no specific safeguarding requirements for protecting the CUI prescribed by the authorizing law, regulation, or government-wide policy for the CUI category listed in the CUI Registry.
NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
- NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors (both intentional and unintentional).
- NIST SP 800-53A Assessing Security and Privacy Controls in Federal Information Systems and Organizations
This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 4. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security control assessments and privacy control assessments that support organizational risk management processes and that are aligned with the stated risk tolerance of the organization. Information on building effective security assessment plans and privacy assessment plans is also provided along with guidance on analyzing assessment results.
NIST Risk Management Framework
NIST Cybersecurity Framework
- NIST Cybersecurity Framework
Created through collaboration between industry and government, the voluntary Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
National Aerospace Standard (NAS9933)