NIST Revises Guidelines on Safeguarding Controlled Unclassified Information

New guidelines are available for download, including in machine readable formats.

NIST has updated its guidelines for the protection of sensitive federal government data, for consistency and ease of use.

Guidelines for protecting controlled unclassified information (CUI) are now published in two publications: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171, Revision 3), and Assessing Security Requirements for Controlled Unclassified Information (NIST SP 800-171A, Revision 3).

These guidelines require organizations to safeguard CUI such as intellectual property and employee health information. Systems that process, store and transmit CUI often support government programs involving critical assets, such as weapons systems and communications systems, which are potential targets for adversaries. 

NIST’s Ron Ross, one of the publications’ authors, said the previous wording of the documents did not match the language of the source catalogs, potentially creating ambiguity in the security requirements and uncertainty in security requirement assessments. “This update is a significant step toward that goal,” he said.

“For the sake of our private sector customers, we want our guidance to be clear, unambiguous and tightly coupled with the catalog of controls and assessment procedures used by federal agencies.”

Ross said the updated guidelines also adopt machine-readable formats, such as JSON and Excel, to benefit cybersecurity tool developers and implementing organizations.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
