From: National Defense
Ahead of the Dec. 31 deadline for federal defense contractors to implement National Institute of Standards and Technology Special Publication 800-171, NIST released Draft Special Publication 800-171A, “Assessing Security Requirements for Controlled Unclassified Information.” This draft publication is designed to assist organizations in assessing compliance under SP 800-171.
Currently, there is no regulation or statute that imposes the draft on contractors. Rather, the draft publication is intended as guidance for organizations — both government and contractors — in developing assessment plans and conducting “efficient, effective and cost-effective” assessments of the implementation of security controls required by SP 800-171. The draft publication does not prescribe specific, required assessment procedures. Instead, it provides a series of “flexible and tailorable” procedures that organizations could use for conducting assessments with each security control.
Leave a Reply