How many controls does NIST SP 800-171A Rev 3 have?

NIST SP 800-171A Rev 3 contains 35 controls organized across 5 domains.

Where does NIST SP 800-171A Rev 3 apply?

NIST SP 800-171A Rev 3 is applicable in United States (NIST). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does NIST SP 800-171A Rev 3 map to?

NIST SP 800-171A Rev 3 has control-to-control mappings with 240 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with NIST SP 800-171A Rev 3 compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

NIST SP 800-171A Rev 3 — Assessing CUI Security Requirements

NIST Special Publication 800-171A Revision 3 (2024) provides assessment procedures for the security requirements in NIST SP 800-171 Rev 3. It defines assessment objectives and methods (examine, interview, test) for each of the 110 security requirements protecting Controlled Unclassified Information (CUI) in nonfederal systems.

Domains

Incident Response and Media Protection

System Protection and Communications

Audit, Assessment, and Monitoring

Awareness, Training, and Personnel

Access Control and Identification

Frequently Asked Questions

Map NIST SP 800-171A Rev 3 — Assessing CUI Security Requirements to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform