NIST 800-171 R3 In A Nutshell

It is worthwhile to take a look at NIST 800-171 R3 through a People, Process, Technology, Data & Facility (PPTDF) lens, since it can help add perspective. 

The intent of this "NIST 800-171 R3 In A Nutshell" matrix is to help visualize the primary function of each NIST 800-171 R3 control. While technology can often be used to help implement a process, many controls are process-related where there is a wide variety of options available to implement the control. That is where the process needs to be clearly defined (e.g., procedure, SOP, etc.) for the uniform execution of the control. 

For technology controls, this is often a configuration setting that rarely changes once it is established and enforced. You'll see that less than half of NIST 800-171 R3 controls are primarily technology-related. If you want to download the PDF of this matrix, you can download it from: https://complianceforge.com/content/pdf/guide-nist-800-171-r3-nutshell.pdf

There is more of a deeper discussion on PPTDF that you can make a cup of coffee and read about here: https://complianceforge.com/blog/people-processes...