The NIST Special Publication 800-171 revision 2 contains 110 controls that create the security baseline for information systems interfacing with Controlled Unclassified Information (CUI).

The NIST SP 800-171r2 is available from NIST website. Click Here for the source documentation.

The method for assessing controls is annotated in the DoD Assessment Methodology. DoD uses this methodology to assess the implementation of NIST SP 800-171 by its prime contractors. DoD attests that Prime contractors may use this same methodology to assess the implementation status of NIST SP 800-171 by subcontractors. This assessment method includes a weighted scoring methodology that is reported to SPRS, in accordance with DFARS 252.204-7024.

The DoD Assessment Methodology is available from GSA. Click Here for the source documentation.

The third party attestation model, known as CMMC 2.0 will implement three levels, and be assessed using the CMMC Assessment Process (CAP).

Coming Soon