CMMCDocs.comHome / Glossary / NIST SP 800-171
NIST SP 800-171
Also known as: NIST 800-171 · SP 800-171 · 800-171
The NIST publication defining 110 security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems. Forms the technical basis of CMMC Level 2.
NIST Special Publication 800-171 is a National Institute of Standards and Technology document titled 'Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.' It defines 110 security requirements organized into 14 control families.
The current version used for CMMC Level 2 assessments is NIST SP 800-171 Revision 2. NIST SP 800-171 Rev 3 was published in May 2024 but has not yet been incorporated into the CMMC program — Level 2 assessments continue to use Rev 2 until the DoD updates 32 CFR Part 170.
The 14 control families are: Access Control (AC), Awareness and Training (AT), Audit and Accountability (AU), Configuration Management (CM), Identification and Authentication (IA), Incident Response (IR), Maintenance (MA), Media Protection (MP), Physical Protection (PE), Personnel Security (PS), Risk Assessment (RA), Security Assessment (CA), System and Communications Protection (SC), and System and Information Integrity (SI). CMMC also incorporates Supply Chain Risk Management (SR).
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account