NIST Release of Cyber Requirements for Controlled Unclassified Information in Nonfederal Systems and Organizations

The National Institute of Standards and Technology (NIST) has released a new draft of cybersecurity requirements aimed at protecting sensitive unclassified information in non-Federal systems, including those used by government contractors. This update, the third iteration of NIST special publication 800-171, follows a year of data collection and public feedback. The revisions include combining security requirements for consistency, eliminating control tailoring categories for non-Federal organizations, and refining security requirements for protecting controlled unclassified information. Federal agencies are provided with recommended security measures for safeguarding such information in non-Federal systems. The public can offer comments until January 12, 2024, with the final rule expected in early 2024.

Read more here: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r3.fpd.pdf