NIST Draft Publication Outlines Assessment Procedures for CUI Enhanced Security Requirements

1 min read
Draft NIST SP 800-172A

The National Institute of Standards and Technology (NIST) has issued a draft document outlining procedures that federal agencies and nonfederal organizations can use to assess enhanced security requirements for controlled unclassified information (CUI). 

The draft NIST Special Publication 800-172A seeks to help organizations develop evaluation plans and conduct assessments and includes procedures that can be used in self-assessments, government-sponsored assessments and independent third-party assessments, NIST said Tuesday.

“The findings and evidence produced during the assessments can be used to facilitate risk-based decisions by organizations related to the CUI enhanced security requirements,” the document reads.

The assessment procedures are arranged into 10 families: access control; awareness and training; configuration management; identification and authentication; incident response; personnel security; risk assessment; security assessment; system and communications protection; and system and information integrity.

NIST is seeking input on the procedures, including the determination statements and assessment objectives, and the approach used to integrate organization-defined parameters into determination statements for assessment objectives.

Public comments are due June 11th.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Government Technology

The Ultimate Guide to Winning Government Contracts Let us show you how top executives are winning so you can replicate it