NIST SP 800-171 (Rev. 2) - AWS Audit Manager

NIST SP 800-171 (Rev. 2)

To assist you with your audit preparation, AWS Audit Manager provides a prebuilt framework that structures and automates assessments for the NIST SP 800-171 compliance standard, based on AWS best practices.


What is NIST SP 800-171?

NIST SP 800-171 focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems and organizations, and it recommends specific security requirements to achieve that objective. NIST 800-171 is a publication that outlines the required security standards and practices for nonfederal organizations that handle CUI on their networks. It was first published in June 2015 by the National Institute of Standards and Technology (NIST). NIST is a U.S. government agency that has released an array of standards and publications to strengthen cybersecurity resilience in both the public and private sectors. NIST 800-171 has received regular updates in line with emerging cyber threats and changing technologies. The latest version (revision 2) was released in February 2020.

The cybersecurity controls within NIST 800-171 are designed to safeguard CUI in the IT networks of government contractors and subcontractors. It defines the practices and procedures that government contractors must adhere to when their networks process or store CUI. NIST 800-171 only applies to those parts of a contractor’s network where CUI is present.

Use AWS Audit Manager to support your NIST audit preparation

You can use the NIST SP 800-171 Rev. 2 framework in AWS Audit Manager to prepare for NIST audits. It contains 66 automated controls and 58 manual controls. The controls offered in this framework aren't intended to verify whether your systems are compliant with NIST 800-171, and they can't guarantee that you will pass a NIST assessment. AWS Audit Manager doesn't automatically check procedural controls that require manual evidence collection.

You can find NIST SP 800-171 Rev. 2 under the Standard frameworks tab of the Framework library in Audit Manager.

For information about how to create an assessment using this framework, see Creating an assessment. For instructions on how to customize this framework to support your specific requirements, see Customizing an existing framework and Customizing an existing control.