The National Institute of Standards and Technology made changes to its Special Publication 800-171 draft guidance, which sets rules and principles on the cybersecurity of controlled unclassified information in the hands of non-federal organizations.
The third draft revision is based on industry feedback, and includes the alignment of two other NIST publications to enable businesses to easily apply technical controls and meet desired cybersecurity outcomes, the institute said Wednesday.
NIST announced in February that it will update SP 800-171 to keep pace with updates to SP 800-53B, a list of technical tools and controls to help create resilient and secure federal information systems.
In the new version, the institute added state-of-practice cybersecurity controls, and amended criteria for developing security requirements.
“Protecting CUI, including intellectual property, is critical to the nation’s ability to innovate — with far-reaching implications for our national and economic security,” NIST Fellow Ron Ross commented. “We need to have safeguards that are sufficiently strong to do the job.”
NIST is open to public comments on the latest revisions until July 14. It plans to publish a final version of SP-800-171 in early 2024.
