NIST Issues Final Guidance on Federal Contractor Cybersecurity Standards for Controlled Unclassified Information
Source: Government Contracts, Investigations & International Trade Blog, Article written by Alexander Major, published June 23, 2015
On June 19, 2015, the National Institute of Standards and Technology (“NIST”) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal systems. The guidelines, Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, apply to nonfederal information systems and organizations that process, store, or transmit federal controlled unclassified information, or “CUI,” and match the guidelines published for public comment last fall. The new guidance is step two in a three-part plan with the National Archives and Records Administration (“NARA”), discussed in last month’s blog, to ensure the confidentiality of sensitive federal information no matter where it is stored. As data breaches continue to make near-daily news, federal contractors not using the “recommendations” laid out in SP 800-171 would be wise to take another look, as they contain, more than ever, the Government’s express expectations of how it wants its information protected.
Built upon existing computer security requirements for federal information systems, Federal Information Processing Standard (“FIPS”) 200 and the Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP 800-53), the final guidelines are designed to assist federal agencies in the negotiation of information system contracts and agreements where CUI will be stored and processed outside of the Federal Government, including federal contractors; state, local and tribal governments; as well as colleges and universities.
Read the full story at http://www.governmentcontractslawblog.com/2015/06/articles/cybersecurity/alert-nist-issues-final-guidance-on-federal-contractor-cybersecurity-standards-for-controlled-unclassified-information/
For help with Government Contracting: contact your nearest Procurement Technical Assistance Center (PTAC). Funded through Cooperative Agreements between the U.S. Department of Defense and state and local governments/institutions, PTACs provide free and low-cost assistance in virtually all areas of government contracting.