NIST Publishes Final Guidelines for Protecting Sensitive Government Information Held by Contractors

Posted June 22, 2015

The National Institute of Standards and Technology (NIST) has published the final version of its guidance for federal agencies to ensure that sensitive federal information remains confidential when stored in nonfederal information systems and organizations.

Contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.

To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information. The National Archives and Records Administration (NARA) administers the program. Information that qualifies as “controlled unclassified information” is defined by NARA in the CUI Registry, an extensive list of executive branch information that requires controls based on laws, regulations or government-wide policies.

To develop guidelines for protecting this information, NARA worked with NIST, the government’s source for computer security standards and guidelines.

The two organizations jointly drafted guidelines for protecting CUI on information systems outside the immediate control of the federal government and published them for public comment last fall.

The new document, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST Special Publication 800-171), is the final version of those guidelines.

The publication provides federal agencies with recommended requirements to protect the confidentiality of CUI residing in nonfederal systems and organizations consistent with law, regulation or government-wide policy.

The new guidelines are designed for federal employees with responsibilities for information systems development, acquisition, management and protection. The requirements apply to all components of nonfederal information systems and organizations that process, store or transmit CUI, or provide security protection for those components.

The guidelines are drawn from existing computer security requirements for federal information systems found in two of NIST’s foundational information security documents: Federal Information Processing Standard (FIPS) 200 and the Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP 800-53).

Source: NIST
