Return to Info Bytes List

Info Byte Detail

GovWin: NIST Finalizes CUI Protection Guidelines

GovWin IQ analyst Tina Barton wrote a synopsis of NIST SP 800-171 (Rev. 3), “Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.”

According to Barton:

“The final version added new cybersecurity requirements, reduced existing controls by 14% and realigned security requirements more specifically to assessment procedures making it easier for federal organizations and government contractors to follow.”

SP 800-171 Rev. 3 removed 33 security requirements, added 19 new cybersecurity requirements for non-federal systems, and made 97 security requirement changes (46 of which were significant). The standard also added 49 new Organization-Defined Parameters (ODPs) to increase alignment with NIST SP 800-53. 

Barton’s summary lists the major changes in Rev. 3 and includes background on the SP 80-171. She also describes the implications for government contractors.  The summary is publicly available without subscription.

Info Byte Source:

Other Recent Info Bytes

This field is for validation purposes and should be left unchanged.

Pin It on Pinterest