To print this article, all you need is to be registered or login on Mondaq.com.
On July 19, 2022, the National Institute of Standards and
Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback
on improving its Controlled Unclassified Information (CUI) series
of publications. The comment period currently is open and scheduled
to close on September 16, 2022.
The CUI series at issue focuses on protecting the
confidentiality of CUI, including specific security controls to
achieve that objective. These publications currently form the basis
for contractor security requirements under Department of Defense
(DoD) regulations and the Cybersecurity Maturity Model
Certification (CMMC) program (discussed previously here). The CUI publications also are expected
to become requirements under civilian agency contracts in the near
future. Thus, this call for comments likely will lead to updated
security requirements impacting nearly all government
contractors.
NIST plans to update the CUI series, beginning with Revision 3
of NIST SP 800-171 Protecting Controlled
Unclassified Information in Nonfederal Systems and
Organizations. The CUI series also includes:
Since the initial publication of NIST SP 800-171 in June 2015,
there have been substantial changes in the cybersecurity
environment that impact the protection of CUI – including new
threats, vulnerabilities, capabilities, and technologies. Given
these changes, NIST specifically is seeking input from
organizations that already have implemented the CUI series,
specifically feedback on the following topics:
- Use of the CUI series:Including how the CUI
series currently is being used, how the CUI series interacts with
other frameworks and standards, and how to improve alignment
between the CUI series and other frameworks;
- Updates for consistency with NIST SP 800-53 Revision 5
and NIST SP 800-53B:Including the impact on usability if
the CUI series were to be updated for consistency with these
guidelines;
- Updates to improve usability and
implementation: Including features of the CUI series that
should be changed, added, or removed; and
- Other relevant topics in the development of the revised
NIST SP 800-171 and its supporting publications.
With the comment period closing on September 16, 2022, it is
crucial for organizations that have experience with the current CUI
series to share their recommendations and help improve future
revisions to this series. Comments can be emailed to 800-171comments@list.nist.gov, and contractors
will be able to review all submitted comments on the Protecting CUI project site after September
16.
* Lillia Damalouji is licensed in Maryland, pending admission in
Washington, D.C., working under the supervision of a D.C. Bar
Member.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Technology from United States
Read More: NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI)
