Advertisement

NIST issues new draft guidance on handling sensitive information

The Commerce bureau is seeking public comments on the draft guidelines by July 14.
(NIST photo)

The National Institute of Standards and Technology has published new draft guidelines for the protection of sensitive unclassified information.

When implemented, the revised guidelines will govern how federal agencies handle the type of information known as controlled unclassified information (CUI).

All federal departments as well as federal contractors and subcontractors handling government data are required to follow the standards set by NIST.

According to Ron Ross, NIST fellow and one of the publication’s authors, the update is intended to provide more consistent information security guidelines to members of the defense industrial base and other government contractors.

Advertisement

“Many of the newly added requirements specifically address threats to CUI, which recently has been a target of state-level espionage,” he said. “We want to implement and maintain state-of-the-practice defenses because the threat space is changing constantly.”

Ross added: “We tried to express those requirements in a way that shows contractors what we do and why in federal cybersecurity. There’s more useful detail now with less ambiguity.” 

While controlled unclassified information is below the threshold of classified information, federal agencies have introduced new measures in recent years to better protect it. Notably, the DOD’s Cybersecurity Maturity Model Certification, once it takes effect, will require any defense contractors that handle CUI to meet certain NIST cybersecurity standards. And similar regimes could be coming to civilian agencies soon.

Last month the DOD’s Cybersecurity Maturity Model Certification program leader Stacy Bostjanick said a new Federal Acquisition Regulation rule would implement NIST’s special publication 800-171 and 800-172. The draft guidance published today is the third iteration of 800-171.

NIST is requesting public comments on the draft guidelines by July 14.

Latest Podcasts