Skip to content

Glossary definition: NIST 800-171 Controls

NIST 800-171: Protecting Controlled Unclassified Information

NIST 800-171 Controls are a set of security requirements established by the National Institute of Standards and Technology (NIST) that organizations must adhere to in order to protect Controlled Unclassified Information (CUI) stored or processed on their systems. These controls are intended to ensure that CUI is adequately protected from unauthorized access, use, disclosure, destruction, or modification. The controls are divided into 14 different areas, each of which contains specific security requirements that must be met. These areas include Access Control, Awareness and Training, Audit and Accountability, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Physical Protection, Personnel Security, Risk Assessment, Security Assessment, System and Communications Protection, and System and Information Integrity. Each of these areas contains specific security requirements that must be implemented and maintained in order to ensure the protection of CUI.