NIST Draft Publication Outlines Assessment Procedures for CUI Enhanced Security Requirements

NIST Draft Publication Outlines Assessment Procedures for CUI Enhanced Security Requirements
Draft NIST SP 800-172A

The National Institute of Standards and Technology (NIST) has issued a draft document outlining procedures that federal agencies and nonfederal organizations can use to assess enhanced security requirements for controlled unclassified information (CUI). 

The draft NIST Special Publication 800-172A seeks to help organizations develop evaluation plans and conduct assessments and includes procedures that can be used in self-assessments, government-sponsored assessments and independent third-party assessments, NIST said Tuesday.

“The findings and evidence produced during the assessments can be used to facilitate risk-based decisions by organizations related to the CUI enhanced security requirements,” the document reads.

The assessment procedures are arranged into 10 families: access control; awareness and training; configuration management; identification and authentication; incident response; personnel security; risk assessment; security assessment; system and communications protection; and system and information integrity.

NIST is seeking input on the procedures, including the determination statements and assessment objectives, and the approach used to integrate organization-defined parameters into determination statements for assessment objectives.

Public comments are due June 11th.

You may also be interested in...

Artificial Intelligence

NSA’s Jason Wang: Intelligence Community to Need AI in the Future

Jason Wang, technical director of the National Security Agency's (NSA) Computer and Analytic Sciences Research Group, said he predicts the intelligence community will need artificial intelligence to protect U.S. networks in the future. Wang said at a virtual event on July 12th that intelligence community components need to pursue more partnerships to maximize capabilities against adversaries.