NIST Draft Publication Outlines Assessment Procedures for CUI Enhanced Security Requirements

Draft NIST SP 800-172A

The National Institute of Standards and Technology (NIST) has issued a draft document outlining procedures that federal agencies and nonfederal organizations can use to assess enhanced security requirements for controlled unclassified information (CUI). 

The draft NIST Special Publication 800-172A seeks to help organizations develop evaluation plans and conduct assessments and includes procedures that can be used in self-assessments, government-sponsored assessments and independent third-party assessments, NIST said Tuesday.

“The findings and evidence produced during the assessments can be used to facilitate risk-based decisions by organizations related to the CUI enhanced security requirements,” the document reads.

The assessment procedures are arranged into 10 families: access control; awareness and training; configuration management; identification and authentication; incident response; personnel security; risk assessment; security assessment; system and communications protection; and system and information integrity.

NIST is seeking input on the procedures, including the determination statements and assessment objectives, and the approach used to integrate organization-defined parameters into determination statements for assessment objectives.

Public comments are due June 11th.
