NIST Finalizes Updated Guidelines for Protecting Sensitive Information

5-31

NIST Finalizes Updated Guidelines for Protecting Sensitive Information

/ Fri, 05/31/2024 - 03:00

The National Institute of Standards and Technology (NIST) has finalized its updated guidelines for protecting this data, known as controlled unclassified information (CUI), in two publications: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171, Revision 3), and its companion, Assessing Security Requirements for Controlled Unclassified Information (NIST SP 800-171A, Revision 3). 

 

These guidelines require organizations to safeguard CUI such as intellectual property and employee health information. Systems that process, store and transmit CUI often support government programs involving critical assets, such as weapons systems and communications systems, which are potential targets for adversaries. 

 

In the coming months, NIST plans to revise other supporting publications on protecting CUI associated with high-value assets and critical programs. These forthcoming updates will include NIST SP 800-172 (enhanced security requirements) and NIST SP 800-172A (enhanced security requirement assessments). 

 

Read more about the release at the NIST Computer Security Resource Center.

Reference: NIST

The Cyber Security Council receives information about information security incidents, phishing attempts, malware and vulnerabilities.

Report Cyber issue