"NIST Revises SP 800-171 Guidelines for Protecting Sensitive Information"

The National Institute of Standards and Technology (NIST) has updated its draft guidelines for protecting sensitive unclassified information to help federal agencies and government contractors implement cybersecurity requirements more consistently. "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations" (NIST Special Publication [SP] 800-171 Revision 3) will be of particular interest to businesses with federal contracts. The SP 800-171 security requirements are referenced in federal rules governing the protection of Controlled Unclassified Information (CUI), which includes sensitive data such as health information, critical energy infrastructure information, and intellectual property. Systems that store CUI typically support government programs containing critical assets. The changes are intended to help organizations understand how to implement the specific cybersecurity safeguards outlined in a closely related NIST publication, SP 800-53 Rev. 5. The authors have aligned the terminology of the two documents so that organizations can more easily use SP 800-53's catalog of technical tools, or "controls," to achieve SP 800-171's cybersecurity outcomes. According to Ron Ross of NIST, the update is intended to help maintain consistent defenses against high-level information security threats. This article continues to discuss NIST's update of its draft guidelines for protecting sensitive unclassified information. 

NIST reports "NIST Revises SP 800-171 Guidelines for Protecting Sensitive Information"