
SP 800–171 Guidelines for Sensitive Information Protection are revised by NIST

Credit: Acts/Shutterstock Data Stock

In an effort to help federal agencies and government contractors implement cybersecurity requirements more consistently, the National Institute of Standards and Technology (NIST) has updated its draft guidelines for safeguarding sensitive unclassified information.

The tens of thousands of companies that work with the federal government will be particularly interested in the updated draft guidelines, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171 Revision 3).

Federal regulations governing the protection of controlled unclassified information (CUI), which includes sensitive data like health information, information about critical energy infrastructure, and intellectual property, refer to the SP 800-171 security requirements.

Government programs containing important assets, such as the design requirements for space systems, communications networks, and weapons systems, are frequently supported by systems that store CUI.

The modifications are meant to help these companies better understand how to implement the specific cybersecurity safeguards described in SP 800-53 Rev. 5, a closely related NIST publication.

To make it easier for businesses to use SP 800-53’s list of technical tools, or “controls,” to achieve the cybersecurity outcomes of SP 800-171, the authors have unified the language of the two publications.

The update, according to Ron Ross of NIST, is intended to support ongoing defenses against serious threats to information security.

Threats to CUI, which has recently been the target of state-level espionage, are specifically addressed by many of the recently added requirements.

The threat space is constantly changing, so we need to implement and maintain state-of-the-practice defenses, according to Ross, a NIST Fellow and one of the publication’s authors. “We made an effort to convey those requirements in a way that demonstrates our work in federal cybersecurity to contractors.” Now that there is less ambiguity and more useful detail,

By July 14, 2023, NIST wants feedback from the general public on the draft guidelines.

The draft has undergone notable changes, including:

  • modifications made to take cybersecurity controls into account,
  • NIST’s revised standards for creating security requirements,
  • increased security requirement specificity and alignment in SP 800-171 Rev. 3 with SP 800-53 Rev. 5, to support evaluation and implementation, and
  • additional tools to aid implementers in comprehending and evaluating the suggested updates.

Ross stated that the modifications' ultimate objective was to improve the requirements while streamlining the NIST cybersecurity publication ecosystem.

The ability of the country to innovate depends on protecting CUI, including intellectual property, which has significant ramifications for both our national and economic security, according to him. “We require safeguards that are strong enough to carry out the job.”

Additionally, NIST plans to release at least one more draft of SP 800-171 Rev. 3 prior to the early 2024 publication of the final. The authors intend to update the supporting NIST publications on safeguarding controlled unclassified information, including SP 800-171A (security requirement assessment), SP 800-172 (enhanced security requirements), and SP 800-172A, after the final version is published.

To discuss the modifications made to SP 800-171, NIST is organizing a webinar for June 6, 2023. Next week, the Protecting CUI project site will post the registration information.
