NIST SP 800-171 - National Institute of Standards and Technology Special Publication 800-171 Security and Privacy Controls for Federal Information Systems and Organizations

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series contains more than 200 documents designed to help US government agencies and private organizations secure information systems and data. Among them, the 800-171 provides recommended security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) governed by the Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS).

Validated and supported compliance automation profiles are available for the versions listed below. 

SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | CSRC

SP 800-171A Rev. 3, Assessing Security Requirements for Controlled Unclassified Information | CSRC