The National Institute of Standards and Technology is updating its guidance on protecting the confidentiality of controlled unclassified information to include insights gathered from industry.
NIST said Wednesday it is considering several changes to its Special Publication 800-171 outlining cybersecurity requirements and standards for non-federal organizations that handle non-classified government data.
Among the proposed changes are the withdrawal of outdated and redundant requirements and addition of new standards based on updates to the moderate security control baselines in SP 800-53B.
Industry partners also recommended revising the structure of the document’s acronyms, glossary and references sections for greater clarity; streamlining the introduction and fundamentals portions; and changing key words and terms to remain consistent and achieve greater clarity.
NIST announced its intent to update its series of special publications in July 2022 and subsequently requested industry input to gather insights on streamlining the security requirements.
