Federal agencies have taken numerous actions to protect against the threat of cyberattacks. Those actions include measures designed to protect Controlled Unclassified Information (CUI) held on information systems outside the federal government.
Standards promulgated by the National Institute of Standards and Technology (NIST) in Special Publication (SP) 800-171 have been incorporated in regulations and government contracts as the baseline standards for protecting CUI on non-federal (i.e., contractor or grantee) systems.
This past spring, in response to concerns about emerging and existent advanced persistent threats (APT) NIST released a new set of standards in SP 800-171B. SP 800-171B will supplement the baseline requirements contained in SP 800-171 by enhancing cybersecurity requirements for a small number of businesses — those that handle high value assets or participate in critical programs on a contract-by-contract basis.
But if history is an indication of the future, more companies may find themselves bound by these additional cybersecurity requirements. The public comment period for SP 800-171B concluded on August 2, 2019 and an updated version of that publication should be forthcoming.
AddThis Sharing Buttons
Share to FacebookShare to TwitterShare to PrintShare to EmailShare to More