Michael G. Gruden, CIPP/G; Evan D. Wolff; Maida Oringher Lerner; Kate Growley; Nkechi Kanu; Jacob Harrison; Alexis Ward

On November 9, 2023, the National Institute of Standards and Technology (“NIST”) released the Final Public Draft (“FPD”) of Special Publication (“SP”) 800-171 Revision (“Rev.”) 3, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” and the Initial Public Draft of NIST SP 800-171A Rev. 3, “Assessing Security Requirements for Controlled Unclassified Information.” The FPD of SP 800-171 Rev. 3 condenses several control requirements from the initial public draft while adding new requirements under existing controls. The initial draft of SP 800-171A now aligns with SP 800-171 Rev. 3 and includes more detailed assessment procedures than its predecessor. Changes in both documents forecast the evolving compliance requirements for organizations required to safeguard Controlled Unclassified Information (“CUI”).
Continue Reading The Holidays Come Early: NIST Unwraps Final Draft Revision 3 to NIST SP 800-171

Kate M. Growley, CIPP/G, CIPP/US

2013 has been a historic year for cybersecurity, privacy and data breach issues. From the President’s Executive Order, to the revised NIST security & privacy controls, and to the groundbreaking Mandiant report on cyber espionage, the pressure is on for companies to secure their handling of sensitive data.

In order to mitigate the risk of data breach, cyber theft, and the loss of trade secrets and other intellectual property, both government agencies and private companies need to understand the sector-specific rules and requirements for information security, privacy, and data protection. Only after the rules of the road are fully understood can agencies and contractors implement policies to mitigate the risks posed by cyber threats.
Continue Reading Cybersecurity and Data Privacy in 2013: Contracting in a Time of Increased Scrutiny