NIST Seeks Feedback on Revised Guidelines for Protecting Controlled Unclassified Information

The National Institute of Standards and Technology is seeking comments on the third revision of its draft guidelines for protecting controlled unclassified information. The changes made to the NIST Special Publication 800-171 aim to make it easier for federal agencies and government contractors to comply with cybersecurity requirements.

Draft updates include increased alignment of the security requirements in SP 800-171 Rev. 3 with the security and privacy controls catalog provided in SP 800-53 Rev. 5. Aligning the language of the publications will enable businesses to implement SP 800-53’s catalog of technical tools while achieving cybersecurity outcomes stated in SP 800-171, NIST said.

According to Ron Ross, a computer scientist and fellow at NIST, the latest document has more useful details and less ambiguity compared to the previous versions to help contractors keep pace with the changing threat space. He noted that many of the new requirements focused on addressing threats to CUI, which recently became the target of state-level espionage.

NIST will host a webinar on June 6 to discuss the SP 800-171 updates. Comments on the draft will be accepted until July 14.