URL: http://nist-800-171.certification-requirements.com/
Submission: On August 09 via manual from US — Scanned from DE

GUIDANCE FOR NIST 800-171 ASSESSMENTS & COMPLIANCE 17.07.06

Information Security Management Systems

Implementations and Assessments for Compliance

(800) 644-2056

Controlled Unclassified Information (CUI) supports federal missions and business
functions that affect the economic and national security interests of the United
States. Non-federal organizations (e.g. colleges, universities, state, local and
tribal governments, federal contractors and subcontractors) often process,
store, or transmit CUI.

Executive Order 13556, issued November 10, 2010, designated the National
Archives and Records Administration (NARA) as the Executive Agent to implement
the CUI program. NIST Special Publication 800-171 defines the security
requirements for protecting CUI in non-federal information systems and
organizations.

Security Requirements for Protecting the Confidentiality of CUI

NIST Special Publication 800-171 contains fourteen families of security
requirements (including basic and derived requirements) for protecting the
confidentiality of CUI in non-federal information systems and organizations.

The security controls from NIST Special Publication 800-53 associated with the
basic and derived requirements are also listed in Appendix D. Organizations can
use Special Publication 800-53 to obtain additional, non-prescriptive
information related to the CUI security requirements (e.g., supplemental
guidance for each of the referenced security controls, mapping tables to
ISO/IEC 27001 ISMS Annex A (security objectives and controls), and a catalog of
optional controls that can be used to help specify additional CUI requirements
if needed).

The security requirements identified in 800-171 are intended to be applied to
the non-federal organization’s general-purpose internal information systems that
are processing, storing, or transmitting CUI. Some specialized systems such as
medical devices, Computer Numerical Control (CNC) machines, or industrial
control systems may have restrictions or limitations on the application of
certain CUI requirements and may be granted waivers or exemptions from the
requirements by the federal agency providing oversight.

• Chapter One: Introduction
• Chapter Two: The Fundamentals
• Chapter Three: The Requirements
• NIST 800-171 Security Families
   a. AC Family: Access Control
   b. AT Family: Awareness and Training
   c. AU Family: Audit and Accountability
   d. CA Family: Security Assessment and Authorization
   e. CM Family: Configuration Management
   f. CP Family: Contingency Planning
   g. IA Family: Identification and Authentication
   h. IR Family: Incident Response
   i. MA Family: Maintenance
   j. MP Family: Media Protection
   k. PE Family: Physical and Environmental Protection
   l. PL Family: Planning
   m. PM Family: Program Management
   n. PS Family: Personnel Security
   o. RA Family: Risk Assessment
   p. SA Family: System and Services Acquisition
   q. SC Family: System and Communications Protection
   r. SI Family: System and Information Integrity
• Appendix A: References
• Appendix B: Glossary
• Appendix C: Acronyms
• Appendix D: Assessment Method Descriptions
• Appendix E: Penetration Testing
• Appendix F: Security Assessment Procedures
• Appendix G: Assessment Reports
• Appendix H: Assessment Cases
• Appendix I: Ongoing Assessment and Automation
• Appendix J: Privacy Assessment Procedures

Hosted by ABCI Consultants for Information Security Management Systems |
Implementations, Training and Assessments for Compliance | (800) 644-2056