×

Get the Best GovCon News Straight to your Inbox

Cybersecurity

NIST Issues Guidance on Assessing Protections for Sensitive Information

Controlled unclassified

information

NIST Issues Guidance on Assessing Protections for Sensitive Information

The National Institute of Standards and Technology has provided guidance on how agencies can evaluate how well they protect controlled unclassified information.

According to NIST, controlled unclassified information can directly impact the federal government’s ability to conduct critical missions and functions.

NIST’s new Special Publication 800-172A specifically includes steps for assessing the implementation of SP 800-172, which contains more advanced controls intended to supplement basic ones.

The most recent guidance is voluntary for the private sector and will only apply to national security systems if approval is granted by the appropriate agency, FedScoop reported Tuesday.

SP 800-172 includes procedures for areas such as access control, awareness training, audit and accountability, configuration management, identification and authentication and incident response.

In SP 800-172A, NIST recommended building an assurance case to prove that security procedures are being implemented. The assurance case should be based on a body of evidence drawn from sources such as self-assessments, independent third-party assessments and government-sponsored assessments. 

NIST said that the type of assessment depends on an organization’s needs and the type of systems it uses. 

The agency added that such assessments will also prove or disprove vendor claims about the security of consumer-grade information technology products, which are typically evaluated by commercial testing organizations. 

Assessors, which may be system developers, system owners, evaluators, auditors or security staffers, can also build on existing pieces of evidence gathered throughout the system deployment process, NIST said.

GovCon Wire Logo

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Category: Cybersecurity

Tags: assessment Controlled Unclassified Information cybesecurity FedScoop guidance NIST SP 800-172 SP 800-172A

The Ultimate Guide to Winning Government Contracts Let us show you how top executives are winning so you can replicate it