NIST Special Publication 800 NIST SP 800-171r3

The Security Requirements

03.15.01: Policy and Procedures

This requirement addresses policies and procedures for the protection of CUI. Policies and procedures contribute to security assurance and should address each family of the CUI security requirements…

03.15.02: System Security Plan

System security plans provide key characteristics of the system that is processing, storing, and transmitting CUI and how the system and information are protected. System security plans contain sufficient information to enable a design and implementation that are unambiguously compliant with the intent of the plans and the subsequent determinations of risk if the plan is implemented as intended…

03.15.03: Rules of Behavior

Rules of behavior represent a type of access agreement for system users. Organizations consider rules of behavior for the handling of CUI based on individual user roles and responsibilities and differentiate between rules that apply to privileged users and rules that apply to general users…

The Security Requirements

NIST SP 800-171r3 (USA) & ITSP.10.171 (Canada)

3.1. Access Control

3.2. Awareness and Training

3.3. Audit and Accountability

3.4. Configuration Management

3.5. Identification and Authentication

3.6. Incident Response

3.7. Maintenance

3.8. Media Protection

3.9. Personnel Security

3.10. Physical Protection

3.11. Risk Assessment

3.12. Security Assessment and Monitoring

3.13. System and Communications Protection

3.14. System and Information Integrity

3.15. Planning

3.16. System and Services Acquisition

3.17. Supply Chain Risk Management

CMMC 3.0 - N/A
CPCSC - N/A