Draft Special Publication 800-171, Revision 1, represents a limited update to the original publication released in June 2015. In particular, this update includes:

• A clarification of the purpose and applicability statement;
• Minor clarifications, additions, and adjustments to selected CUI requirements;
• Guidance on the use of system security plans (SSPs) and plans of action and milestones (POAMs) to demonstrate the implementation or planned implementation of CUI requirements by nonfederal organizations;
• Guidance on federal agency use of submitted SSPs and POAMs as critical inputs to risk management decisions and decisions on whether or not to pursue agreements or contracts with nonfederal organizations;
• Additional definitions and terms for the glossary; and
• The implementation of hyperlinks to facilitate ease of use in navigating the document.