Withdraw al Pending Warning Notice This document has been superseded by the document identified below. It will remain active until the withdrawal date, when it will be officially withdrawn. Withdrawal Date February 21, 2021 Superseded Date February 21, 2020 Original Release Date December 20, 2016 Superseding Document Status Final Series/Number NIST Special Publication 800- 171 Revision 2 Title Protecting Controlled Unclassified Information in Nonfederal Systems Publication Date February 2020 DOI https://doi.org/10.6028/NIST.SP.800- 171r2 CSRC URL https://csrc.nist.gov/publications/detail/sp/800- 171r2 Additional Information NIST Special Publication 800 -171 Revision 1 Protecting Controlled Unclassified Inform ation in Nonfederal Systems and Organizations RON ROSS PATRICK VISCUSO GARY GUISSANIE KELLEY DEMPSEY MARK RIDDLE This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800- 171r1 NIST Special Publication 800 -171 Revision 1 Protecting Controlled Unclassified Inform ation in Nonfederal Systems and Organizations RON ROSS KELLEY DEMPSEY Computer Security Division National Institute of Standards and Technology PATRICK VISCUSO MARK RIDDLE Information Security Oversight Office National Archives and Records Administration GARY GUISSANIE Institute for Defense Analyses Supporting the Department of Defense This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800- 171r1 December 2016 INCLUDES UPDATES AS OF 06-07-2018 U.S. Department of Commerce Penny Pritzker, Secretary National Instit ute of Standards and Technology Willie May , Under Secretary of Commer ce for Standards and Technology and Director SPECIAL PUBLICATION 800 -171 P ROTECTING CONTROLLED UNCLASSIFIED INFORMATION IN REVISION 1 NONFEDERAL SYSTEMS AND ORGANIZATIONS _________________________________________________________________________________________________ PAGE i This publication is available free of charge from: http s://doi.org/10.6028/ NIST.SP.800 -171r1 Authority This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act ( FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113- 283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A - 130. Nothing in this publication should be taken to contradict the standards and guidelines made mand atory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Comme