From: Venable, LLP
Government contractors who think cyber and information security applies only to classified or Department of Defense (DoD) contracts take note: a new set of standards is on the horizon. The National Institute of Standards and Technology (NIST) will soon be finalizing its new Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, after fielding comments and questions on its latest draft.
NIST has recommended that agencies use SP 800-171, once finalized, to govern how contractors safeguard controlled unclassified information (CUI). The security requirements used in safeguarding CUI will be grouped into families including, among others:
- Access control, which generally limits system access to authorized users;
- Awareness and training, which generally alerts employees to information security risks;
- Incident response, which involves developing operations to prepare for, detect, analyze, contain, recover from, and respond to incidents affecting information; and
- Personnel security, which involves screening individuals before granting them access to information systems with CUI.
What Are Nonfederal Information Systems and Organizations and Why Is NIST Focusing On Them Now?