Tag Archives: CUI

NIST Draft Publication Outlines Assessment Procedures for CUI Enhanced Security Requirements


The National Institute of Standards and Technology (NIST) has issued a draft document outlining procedures that federal agencies and nonfederal organizations can use to assess enhanced security requirements for controlled unclassified information (CUI). The draft NIST Special Publication 800-172A seeks to help organizations develop evaluation plans and conduct assessments and includes procedures that can be used in self-assessments, government-sponsored assessments and independent third-party assessments.

Read More »

NDAA Announces New Cybersecurity Position, Training for DoD Contractors; Mark Esper, Jim Langevin Quoted

Mark Esper

The Pentagon has announced plans to develop a top cybersecurity position, National Cyber director, within the White House under an amendment to the House version of the 2021 National Defense Authorization Act (NDAA) that will create a National Cyber Director within the executive office of the president, Federal News Network reported on Monday.

Read More »

How COVID-19 Outbreak Affects DoD CMMC Implementation; Katie Arrington Quoted

Katie Arrington, 2020 Wash100 Award recipient and the chief information security officer for the Department of Defense (DoD) acquisition, stated that training of third party assessors for the Cybersecurity Maturity Model Certification (CMMC) program was slated to start in mid-April, but the coronavirus (COVID-19) outbreak may affect the projected implementation. 

Read More »

DoD Announced Designated “Protected Information” Under CMMC Regulations

In January, the U.S. Department of Defense released Version 1.0 of its Cybersecurity Maturity Model Certification framework. By 2026, DoD plans to require CMMC certification for all defense contracts. Contractors in the defense industry supply chain will be required to develop, assess, and augment cybersecurity practices.

Read More »

From NIST Information Security Guidelines to CMMC: What Do the New Regulations Entail?

With the Department of Defense’s (DoD) new security regulations around the corner, it is imperative for government contractors to stay up to date with how the guidelines and expectations have shifted from NIST SP 800-171 and NIST SP 800-53 to Cybersecurity Maturity Model Certification (CMMC).

Read More »

Ron Ross: NIST Awaits OMB Approval of Special Publication 800-53 Revision 5

Ron Ross, a National Institute of Standards and Technology fellow, said NIST is waiting for the Office of Management and Budget’s office of information and regulatory affairs to finish its final review and approve Special Publication 800-53, revision 5 to begin soliciting public comments on six cybersecurity documents, Federal News Network reported Tuesday.

Read More »

NIST Recommends New Practices for Unclassified Info Security

The National Institute of Standards and Technology has added new information security strategies in an existing recommendation document for nonfederal organizations. NIST said Wednesday that it released a companion draft containing new recommendations for the existing publication entitled Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

Read More »

Report: GSA’s Proposed Rule to Require Compliance With NIST’s Federal Data Protection Framework

The General Services Administration has introduced a proposed rule that would direct civilian contractors to comply with a National Institute of Standards and Technology framework that aims to protect controlled unclassified information in nonfederal data systems, Federal News Radio reported Monday. GSA will seek public comments on the proposed rule …

Read More »

NIST Issues Final Guidance on CUI Protection in Nonfederal Systems

The National Institute of Standards and Technology has finalized its guidance on how to implement measures to protect sensitive federal information in the hands of government contractors. NIST said Friday it worked with the National Archives and Records Administration to develop the “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” (NIST Special …

Read More »