NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI)


To print this article, all you need is to be registered or login on

On July 19, 2022, the National Institute of Standards and
Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback
on improving its Controlled Unclassified Information (CUI) series
of publications. The comment period currently is open and scheduled
to close on September 16, 2022.

The CUI series at issue focuses on protecting the
confidentiality of CUI, including specific security controls to
achieve that objective. These publications currently form the basis
for contractor security requirements under Department of Defense
(DoD) regulations and the Cybersecurity Maturity Model
Certification (CMMC) program (discussed previously here). The CUI publications also are expected
to become requirements under civilian agency contracts in the near
future. Thus, this call for comments likely will lead to updated
security requirements impacting nearly all government

NIST plans to update the CUI series, beginning with Revision 3
of NIST SP 800-171 Protecting Controlled
Unclassified Information in Nonfederal Systems and
The CUI series also includes:

Since the initial publication of NIST SP 800-171 in June 2015,
there have been substantial changes in the cybersecurity
environment that impact the protection of CUI – including new
threats, vulnerabilities, capabilities, and technologies. Given
these changes, NIST specifically is seeking input from
organizations that already have implemented the CUI series,
specifically feedback on the following topics:

  • Use of the CUI series:Including how the CUI
    series currently is being used, how the CUI series interacts with
    other frameworks and standards, and how to improve alignment
    between the CUI series and other frameworks;
  • Updates for consistency with NIST SP 800-53 Revision 5
    and NIST SP 800-53B
    :Including the impact on usability if
    the CUI series were to be updated for consistency with these
  • Updates to improve usability and
    : Including features of the CUI series that
    should be changed, added, or removed; and
  • Other relevant topics in the development of the revised
    NIST SP 800-171 and its supporting publications.

With the comment period closing on September 16, 2022, it is
crucial for organizations that have experience with the current CUI
series to share their recommendations and help improve future
revisions to this series. Comments can be emailed to, and contractors
will be able to review all submitted comments on the Protecting CUI project site after September

* Lillia Damalouji is licensed in Maryland, pending admission in
Washington, D.C., working under the supervision of a D.C. Bar

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Technology from United States

M&A In The FinTech Space-Comment

Katten Muchin Rosenman LLP

“FinTech M&A has become the second-largest area of emerging tech investment-according to FT Partners, there were 1,485 M&A deals in the FinTech space totalling $348.5bn in 2021.

Navigating Contractual Relationships In The NFT Market


Participants in the fast-moving – but legally uncertain – non-fungible token marketplace can maximize their business opportunities and mitigate risk by delineating their specific role early and clearly defining where their obligations begin …

Read More: NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI)

Notify of
Inline Feedbacks
View all comments