NIST Special Publication 800-171 Revision 3

Policies, frameworks, and compliance standards we hold ourselves to.

Back to Legal Documents

American Digital Services, LLC adheres to NIST SP 800-171 Revision 3 rules for protecting Controlled Unclassified Information (CUI) within nonfederal information systems and organizational boundaries.

https://csrc.nist.gov/pubs/sp/800/171/r3/final

This publication provides a standardized set of security requirements designed to protect the confidentiality of CUI when resident in nonfederal systems, helping to ensure that defense contractors and commercial partners safeguard critical data from sophisticated cyber threats.

Control families covered under Revision 3 include:

  • Access Control
  • Audit and Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical and Environmental Protection
  • System and Communications Protection
  • System and Information Integrity

Key Enhancements in Revision 3

  • Supply Chain Risk Management (SCRM): Introduces dedicated controls to identify and mitigate systemic vulnerabilities associated with third-party vendors and component procurement.
  • Advanced System and Communications Protection: Strengthened baseline engineering requirements to protect internal networks against sophisticated, persistent tactical threats.
  • Continuous Monitoring and Cyber Hygiene: Places a heavier emphasis on regular vulnerability assessments, logging routines, and rapid patching timelines to maintain system integrity.

Recent Updates & Assessment Guidelines

  • Finalization of Revision 3: NIST finalized and published the fully updated SP 800-171 Revision 3 on May 14, 2024.
  • Companion Assessment Tools: Alongside this publication, NIST released SP 800-171Ar3 (Assessing Security Requirements for Controlled Unclassified Information), which provides specific, tailored procedures for assessors and organizations to evaluate their own compliance against these modernized controls.

Commitment to Compliance

American Digital Services is committed to maintaining the highest standards of security for protecting CUI. By adhering to the guidelines set forth in NIST SP 800-171 Revision 3, we ensure the integrity, confidentiality, and availability of critical information.

Ready to get CMMC-ready, secure, and supported?

We implement and maintain the controls โ€” independent assessors verify them.

Contact Us 800-863-3854