The National Institute of Standards and Technology has released a draft publication that outlines requirements for the protection of unclassified information in nonfederal systems, GCN reported Friday.
The guidance applies to information stored in the systems of contractors, state, local and tribal governments as well as academic institutions, according to the report.
GCN reports NIST’s document recommends limits on information system access to authorized users and devices, training of users, creation and retention of audit records, retention of baseline configurations, authentication of users, establishment of an incident response system and tool maintenancs.
The draft also proposes measures to protect media files, secure physical access to information systems, screen individuals accessing the system, evaluate organizational risks, protect communications and identify vulnerabilities, GCN reports.
NIST intends for the guidance to comply with the National Archives and Records Administration‘s initiative to standardize naming conventions and protection requirements for data, according to the report.