NIST Releases Security Guidance Updates for Controlled Unclassified Information

The National Institute of Standards and Technology has revised its guidelines for protecting controlled unclassified information to make cybersecurity procedures clearer and easier for federal agencies and government contractors to navigate. 

The updated guidance comes in NIST Special Publication 800-171 Rev. 3, titled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” and NIST SP 800-171A, Rev. 3 on “Assessing Security Requirements for Controlled Unclassified Information.” 

The updates harmonize in-house cybersecurity protocols and present a clear view of security requirements by resolving previous language mismatches from their source catalogs, the NIST said.

According to Ron Ross, a NIST fellow and a computer scientist, the updates considered the public inputs solicited by the institute in May 2023 and followed suggestions on machine-readable CUI guidance for quicker access and more efficient use. 

The NIST has made alternate formats of the documents, including JSON and Excel, available through its Cybersecurity and Privacy Reference Tool. CUI processors can also access an analysis of the changes NIST made to help them determine if compliance has been met. 

The institute next plans to update its other support publications on CUI protection related to high-value assets and critical programs.