• Joshua Duvall

NIST Publishes Minor Revisions to SP 800-171

Today, the National Institute of Standards and Technology ("NIST") published Special Publication 800-171, Revision 2Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.

According to the press release, NIST SP 800-171 Rev. 2 contains only minor editorial changes and does not change any of the basic and derived security requirements under the framework:

  • Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices. There are no changes to the basic and derived security requirements in Chapter Three.

As many defense contractors are aware, NIST SP 800-171 contains the security controls that contractors must currently self-certify compliance with when their contracts include DFARS 252.204-7012Safeguarding Covered Defense Information and Cyber Incident Reporting.

NIST SP 800-171 also serves as a foundational element in the Department of Defense's new CMMC framework (i.e., contractors assessed at CMMC Level 3 will be compliant with NIST SP 800-171). When the CMMC is fully implemented, all defense contractors will be required to obtain a third-party assessment of their cybersecurity posture to be eligible to compete for defense contracts.

NIST SP 800-171 Rev. 2.

. . .

#govconjudicata #cyberjudicata #nist

Recent Posts

See All

DoD Issues Proposed Rule on Enhanced Debriefings

Today, the Department of Defense ("DoD") published its long-awaited proposed rule on enhanced postaward debriefings as provided under Section 818 of the National Defense Authorization Act for Fiscal Y

SBA Extends HUBZone Map Freeze Through June 2023

Today, the U.S. Small Business Administration ("SBA") published a direct final rule to extend the Historically Underutilized Business Zone ("HUBZone") program map freeze until June 30, 2023. SBA's pr