This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Date Published: June 2019
Comments Due: August 2, 2019 (public comment period is CLOSED)
Email Questions to: email@example.com
Draft NIST SP 800-171B was developed in the spring of 2019 as a supplement to NIST SP 800-171. This new document offers additional recommendations for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations where that information runs a higher than usual risk of exposure. When CUI is part of a critical program or a high value asset (HVA), it can become a significant target for high-end, sophisticated adversaries (i.e., the advanced persistent threat (APT)). In recent years, these critical programs and HVAs have been subjected to an ongoing barrage of serious cyberattacks, prompting the Department of Defense to request additional guidance from NIST.
The enhanced security requirements are to be implemented in addition to the basic and derived requirements in NIST SP 800-171, since the basic and derived requirements are not designed to address the APT. The enhanced security requirements apply only to components of nonfederal systems that process, store, or transmit CUI or that provide protection for such components when the designated CUI is contained in a critical program or HVA. The enhanced security requirements are only applicable for a nonfederal system or organization when mandated by a federal agency in a contract, grant, or other agreement.
NOTE: A call for patent claims is included on page v of Draft SP 800-171B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Draft SP 800-171B (pdf)
Draft SP 800-171B (with line numbers) (pdf)
Comment template for SP 800-171B (xlsx)
Comments received on SP 800-171B (@Protecting CUI Project)
DoD cost estimate of Draft SP 800-171B (pdf)
Submit/View comments on DoD cost estimate of Draft SP 800-171B
NIST news article