NIST Releases Third Revision of Cyber Requirements for Contractors Dealing With Sensitive Information

The National Institute of Standards and Technology aims to release a guideline on protecting sensitive unclassified information that introduces a “balanced, strong starting point” for federal agencies and government contractors.

At an industry summit on Wednesday, Victoria Yan  Pillitteri, manager of NIST’s security engineering and risk management group, said the next version of NIST Special Publication 800-171 aims to make it easier for businesses to tailor the recommended practices to their processes.

The draft released Thursday marks the third time the guidance is revamped, Nextgov/FCW reported.

In May, the non-regulatory federal agency sought public comment on revising the guideline, aiming to align the security requirements with the security and privacy control catalog. Efforts to update the document aim to provide a clearer guide that addresses the rapidly evolving cybersecurity landscape. It is also part of the Department of Defense’s effort to enhance the Cybersecurity Maturity Model Certification, its set of requirements for defense contractors.

NIST special publication 800-171 offers recommended practices for federal and nonfederal organizations to better protect controlled unclassified information. Defense contractors are expected to meet the requirement to prove their capability to safeguard sensitive information.