This is a potential security issue, you are being redirected to https://csrc.nist.gov.
NIST announces the release of Draft Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (Initial Public Draft).
The protection of sensitive unclassified federal information while residing in non-federal information systems and environments of operation is of paramount importance to federal agencies. Compromises of this information can directly impact the ability of the federal government to successfully carry out its designated missions and business operations. This publication provides federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) as defined by Executive Order 13556, when such information resides in non-federal information systems and organizations. The requirements apply to:
The CUI protection requirements were obtained from the security requirements and controls in FIPS Publication 200 and NIST SP 800-53, and then tailored appropriately to eliminate requirements that are:
Non-federal organizations include, for example: federal contractors; state, local, and tribal governments; and colleges and universities.
This publication is part of a larger initiative by the National Archives and Records Administration (NARA) to fulfill their responsibilities as Executive Agent for Executive Order 13556 for CUI. NARA has a three-part plan to help standardize the naming conventions and protection requirements for sensitive information (designated CUI) both within the federal government and when such information resides in non-federal information systems and organizations. NARA’s plan includes:
Please send comments to firstname.lastname@example.org with "Comments Draft SP 800-171” in the subject line. Comments will be accepted through January 16, 2015.