Earlier this week, the National Institute of Standards and Technology (NIST) released an updated version of SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” as well as a final public draft of SP 800-171A “Assessing Security Requirements for Controlled Unclassified Information.”
The update to SP 800-171 revised the November 2017 version with changes focused on clarifying that the publication’s system requirements “apply only to components of nonfederal systems that process, store, or transmit CUI [Controlled Unclassified Information], or that provide security protection for such components.” Meanwhile, the final public draft of SP 800-171A was released for public comment “to help shape the final publication.” This publication is intended to assist organizations in developing assessment plans and efficient security assessments of the requirements included in SP 800-171. Comments are due by March 23, 2018.
Each of the documents are available here.
Roddy Stieger is responsible for the contents of this Short Take.
© 2018 Jackson Kelly