Glossary definition: NIST 800 171

NIST 800-171: Securing Controlled Unclassified Information

NIST 800 171 is a set of standards and guidelines issued by the National Institute of Standards and Technology (NIST) for the protection of Controlled Unclassified Information (CUI) stored or processed on nonfederal information systems and organizations. The standards and guidelines are intended to help protect CUI from unauthorized access, use, disclosure, modification, or destruction in accordance with the Federal Information Security Modernization Act (FISMA) of 2014. The standards and guidelines are based on the NIST Cybersecurity Framework and include requirements for identifying, protecting, detecting, responding to, and recovering from cyber threats. The standards and guidelines also require organizations to have in place a risk management program, which includes risk assessments, security controls, security testing, and incident response plans. Additionally, organizations must have a process for monitoring and reporting on the security of their systems and networks. NIST 800 171 provides organizations with a comprehensive set of security requirements and best practices for protecting CUI.