NIST SP 800-171, R3, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems, is a set of recommended security requirements for protecting the confidentiality of CUI.
NIST has released a supplementary small business primer to SP 800-171, R3 to help smaller, under-resourced organizations better protect CUI.
Key Highlights Include:
- A foundational overview of SP 800-171, R3.
- Considerations to be mindful of as organizations begin implementing the requirements in SP 800-171, R3.
- An emphasis on the important relationship between SP 800-171 and SP 800-171A.
- A list of frequently asked questions and their answers.
- Key differences between SP 800-171 Revision 2 and Revision 3.
- Tips to help those tasked with implementing SP 800-171 get started.
- Additional resources that small businesses can put into action.
- Concepts and language that can be used when seeking support from internal or external cybersecurity teams.
Who is it for?
The document is separated into two sections to accommodate various audiences.
- Pages 1-6 provide a brief overview of SP 800-171. This section is for anyone, not just small business owners, who may need a general introduction to 800-171.
- Pages 7-27 are for those who are tasked with managing the implementation of SP 800-171, R3. This section is not all-encompassing, but it does provide tips and resources to help with getting started with each of the 17 control families. It serves as a bridge to the larger SP 800-171 publication.
This is the first part of an effort to begin breaking down components of 800-171, R3 for the small business community. Future resources will expand upon the primer’s content.