nist-800-171.certification-requirements.com
74.208.236.182
URL:
http://nist-800-171.certification-requirements.com/
Submission: On August 09 via manual from US — Scanned from DE
GUIDANCE FOR NIST 800-171 ASSESSMENTS & COMPLIANCE

ABCI Consultants | Information Security Management Systems Implementations and Assessments for Compliance | (800) 644-2056

17.07.06

Controlled Unclassified Information (CUI) supports federal missions and business functions that affect the economic and national security interests of the United States. Non-federal organizations (e.g. colleges, universities, state, local and tribal governments, federal contractors and subcontractors) often process, store, or transmit CUI. Executive Order 13556, issued November 4, 2010, designated the National Archives and Records Administration (NARA) as the Executive Agent to implement the CUI program. NIST Special Publication 800-171 defines the security requirements for protecting CUI in non-federal information systems and organizations.

Security Requirements for Protecting the Confidentiality of CUI

NIST Special Publication 800-171 contains fourteen families of security requirements (each comprising basic and derived requirements) for protecting the confidentiality of CUI in non-federal information systems and organizations. The security controls from NIST Special Publication 800-53 associated with the basic and derived requirements are also listed in Appendix D.
Organizations can use Special Publication 800-53 to obtain additional, non-prescriptive information related to the CUI security requirements (e.g., supplemental guidance related to each of the referenced security controls, mapping tables to ISO/IEC 27001 ISMS Annex A (security objectives and controls), and a catalog of optional controls that can be used to help specify additional CUI requirements if needed). The security requirements identified in 800-171 are intended to be applied to the non-federal organization's general-purpose internal information systems that process, store, or transmit CUI. Some specialized systems such as medical devices, Computer Numerical Control (CNC) machines, or industrial control systems may have restrictions or limitations on the application of certain CUI requirements and may be granted waivers or exemptions from the requirements by the federal agency providing oversight.

Contents

•Chapter One: Introduction
•Chapter Two: The Fundamentals
•Chapter Three: The Requirements
•NIST 800-171 SECURITY FAMILIES
•Appendix A: References
•Appendix B: Glossary
•Appendix C: Acronyms
•Appendix D: Assessment Method Descriptions
•Appendix E: Penetration Testing
•Appendix F: Security Assessment Procedures
 a. AC-FAMILY: ACCESS CONTROL
 b. AT-FAMILY: AWARENESS AND TRAINING
 c. AU-FAMILY: AUDIT AND ACCOUNTABILITY
 d. CA-FAMILY: SECURITY ASSESSMENT AND AUTHORIZATION
 e. CM-FAMILY: CONFIGURATION MANAGEMENT
 f. CP-FAMILY: CONTINGENCY PLANNING
 g. IA-FAMILY: IDENTIFICATION AND AUTHENTICATION
 h. IR-FAMILY: INCIDENT RESPONSE
 i. MA-FAMILY: MAINTENANCE
 j. MP-FAMILY: MEDIA PROTECTION
 k. PE-FAMILY: PHYSICAL AND ENVIRONMENTAL PROTECTION
 l. PL-FAMILY: PLANNING
 m. PM-FAMILY: PROGRAM MANAGEMENT
 n. PS-FAMILY: PERSONNEL SECURITY
 o. RA-FAMILY: RISK ASSESSMENT
 p. SA-FAMILY: SYSTEM AND SERVICES ACQUISITION
 q. SC-FAMILY: SYSTEM AND COMMUNICATIONS PROTECTION
 r. SI-FAMILY: SYSTEM AND INFORMATION INTEGRITY
•Appendix G: Assessment Reports
•Appendix H: Assessment Cases
•Appendix I: Ongoing Assessment and Automation
•Appendix J: Privacy Assessment Procedures

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056