This is a potential security issue, you are being redirected to https://csrc.nist.gov.
NIST announces the release of Special Publication 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (Final Public Draft). (NOTE: This draft has been since approved as final as of June 2015)
The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations. This publication provides federal agencies with recommended requirements for protecting the confidentiality of CUI: (i) when the CUI is resident in nonfederal information systems and organizations; (ii) where the CUI does not have specific safeguarding requirements prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry; and (iii) when the information systems where the CUI resides are not operated by organizations on behalf of the federal government. The requirements apply to all components of nonfederal information systems and organizations that process, store, or transmit CUI, or provide security protection for such components. The CUI requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations.
The final draft of NIST Special Publication 800-171 contains some significant changes based on the comments received from both the public and private sectors. The changes include:
The final publication of SP 800-171 is targeted for June 2015 after the final public comment period. Questions? Send email to email@example.com. Comment period CLOSED on: May 12, 2015