The National Institute of Standards and Technology is seeking comments on the initial public draft of its proposed protection measures on the confidentiality of controlled unclassified information, or CUI, of high asset value or critical in nonfederal systems.
The measures are designed for federal agencies’ screening of agreements or contracts with nonfederal organizations, NIST said Wednesday. The draft’s recommendations strengthen organizations’ defense capability against advanced persistent threats and help ensure system resilience, the agency added.
Stronger Countermeasures Against Cyberattacks
Compiled in the NIST Special Publication 800-172r3, titled “Enhanced Security Requirements for Protecting Controlled Unclassified Information,” the proposed mechanisms include additional and stronger countermeasures based on the latest threat intelligence and cyberattack data.
New security requirements were also included for consistency with NIST’s updated guidance on CUI protection, released in May. The new measures in the public draft cover planning, system and services acquisition, and supply chain risk management. In addition, the draft further spelled out security requirements to clear ambiguity and pave the way for better implementation.
Comments on the draft are open for submission to [email protected] until Jan. 10, 2025.