From: NIST
NIST announces the Public Draft of Special Publication 800-171, Revision 1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.
Draft Special Publication 800-171, Revision 1, represents a limited update to the original publication released in June 2015. In particular, this update includes:
- A clarification of the purpose and applicability statement;
- Minor clarifications, additions, and adjustments to selected CUI requirements;
- Guidance on the use of system security plans (SSPs) and plans of action and milestones (POAMs) to demonstrate the implementation or planned implementation of CUI requirements by nonfederal organizations;
- Guidance on federal agency use of submitted SSPs and POAMs as critical inputs to risk management decisions and decisions on whether or not to pursue agreements or contracts with nonfederal organizations;
- Additional definitions and terms for the glossary; and
- The implementation of hyperlinks to facilitate ease of use in navigating the document.
Both markup and clean copies of the draft publication are provided to facilitate a more efficient reviewing process. Please confine your review to only those sections of the publication that have changed since the original version was published in June 2015. Your feedback is important to us. We appreciate each and every contribution from our reviewers. The insightful comments from both the public and private sectors, nationally and internationally, continue to help shape the final publication to ensure that it meets the needs and expectations of our customers. The feedback obtained from this public review will be incorporated into a final publication targeted for release in the Fall 2016.
Public comment period: August 16 through September 16. Comments can be sent to: sec-cert@nist.gov.
Who is typically in charge of doing the gap analysis for 800-171 ?
Excellent post, great quality and most important all above mentioned point very useful actionable advice!