U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Assessing Enhanced Security Requirements for Controlled Unclassified Information

Published

Author(s)

Victoria Pillitteri, Ron Ross

Abstract

The protection of controlled unclassified information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication provides federal agencies with assessment procedures for the enhanced security requirements in NIST SP 800-172. The assessment procedures are flexible and can be tailored to the needs of federal agencies and assessors. Security requirement assessments can be conducted as (1) self-assessments; (2) independent, third-party assessments; or (3) government-sponsored assessments. The assessments can be conducted with varying degrees of rigor based on federal agency-defined depth and coverage attributes. The findings and evidence produced during the assessments can be used to facilitate risk-based decisions by organizations related to the security requirements
Citation
Special Publication (NIST SP) - 800-172Ar3
Report Number
800-172Ar3
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-172Ar3
Local Download

Keywords

assessment, assessment procedure, assurance, enhanced security requirement, enhanced security requirement assessment, controlled unclassified information, Executive Order 13556, nonfederal organization, nonfederal system, security assessment
Information technology and Cybersecurity and privacy

Citation

Pillitteri, V. and Ross, R. (2026), Assessing Enhanced Security Requirements for Controlled Unclassified Information, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-172Ar3, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=962130 (Accessed May 14, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created May 13, 2026
Was this page helpful?