On August 16, 2016, the National Institute for Standards and Technology (NIST) released draft revisions to Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (SP 800-171 Rev. 1). The most substantive change to the publication involves the addition of a new standard, PL-2 (System Security Plan). The standard requires the use of a formal system security plan for entities employing NIST 800-171 to articulate, among other details, how the cybersecurity controls required under NIST 800-171 are implemented. Rules governing control of certain federal information (including those governing "covered defense information" and "controlled unclassified information") rely on NIST 800-171 to articulate the controls required for systems processing, storing, or transferring covered information. NIST accepted public comment on the revision until September 16, 2016, and a final revision is expected soon.