Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part Two – NIST SP 800-171, Revision 3

Sheppard Mullin Richter & Hampton LLP
Contact

Sheppard Mullin Richter & Hampton LLP

In this second in our series, we look at the long awaited update to NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” which is expected to be released in late spring 2023. NIST SP 800-171 forms the backbone for contractor security requirements in Department of Defense regulations and the CMMC program. It remains unclear if this update will impact the rollout of the CMMC program. 

The National Institute of Standards and Technology (NIST) sought feedback in July 2022 on improvements to NIST SP 800-171 and the related CUI series of publications. It released an analysis of the public feedback in November 2022. According to NIST, the update will align requirements with NIST SP 800-53, Revision 5 and include an overlay of CUI security requirements to NIST SP 800-53. 

Putting it Into Practice – What to Expect in 2023: We expect to see further efforts to adopt a government-wide regulation protecting Controlled Unclassified Information, based on NIST SP 800-171, in the Federal Acquisition Regulations (FAR). Contractors subject to DoD regulations should continue to monitor for updates to the NIST CUI series and ensure ongoing compliance with these standards.

Written by:

Sheppard Mullin Richter & Hampton LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide