The National Institute of Standards and Technology (NIST) is responsible for developing information security standards and guidelines—including minimum requirements for federal information systems. At the end of February, NIST released its Final Draft of Special Publication (SP) 800-171A—Assessing Security Requirements for Controlled Unclassified Information.

First proposed in November 2017, the publication means to provide agencies and contractors with guidance regarding how to conduct assessments under the prominent cybersecurity standard NIST SP 800-171—Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This standard acts as the foundation for how contractors must protect all forms of Controlled Unclassified Information (CUI).

Continue Reading Final Draft of NIST SP 800-171A Still Open for Comments