NIST releases revised cyber requirements for controlled unclassified information>
Next Gov – Edward Graham
The National Institute of Standards and Technology (NIST) has released draft guidance for protecting sensitive unclassified information.
The proposed guidelines, the third iteration of NIST’s standards, aim to safeguard government-owned or created data known as controlled unclassified information (CUI).
The updates include drafts of security requirements and assessment procedures for evaluating threats to CUI.
NIST is seeking public comments on the drafts until January 12, 2024, and plans to publish the final rule in early 2024.
The requirements apply to nonfederal systems that process, store, transmit, or provide protection for CUI.
The latest iteration of 800-171 incorporates feedback received during the public comment period, resulting in significant changes such as combining security requirements with other requirements for consistency and ease of use.
The updated guidance is in line with the Defense Department’s efforts to enhance cyber requirements for the defense industrial base through the Cybersecurity Maturity Model Certification.
Compliance with NIST’s standards for safeguarding CUI is a requirement for defense firms under the certification program.
Link: https://www.nextgov.com/cybersecurity/2023/11/nist-releases-revised-cyber-requirements-controlled-unclassified-information/391904/