Citation
Overview
This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the security requirements in NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.
This objective is accomplished by:
- Providing flexible and tailorable assessment procedures for the CUI security requirements;
- Defining assessment objectives to help guide and inform the assessment;
- Specifying assessment methods that can be used to generate evidence and produce findings and results;
- Describing a set of assessment objects to which the methods can be applied;
- Facilitating different levels of assurance in security assessments by varying the scope and rigor of the assessment through selectable depth and coverage attributes; and
- Providing supplemental guidance to explain and interpret the CUI security requirements.
The content in this publication is derived from NIST Special Publication 800-53A, which provides assessment procedures to determine the effectiveness of the security controls in NIST Special Publication 800-53.