The IT Law Wiki
The IT Law Wiki

Citation[]

National Institute of Standards and Technology, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets (NIST Special Publication 800-171B) (June 2019) (full-text).

Overview[]

Draft NIST SP 800-171B was developed in the spring of 2019 as a supplement to NIST Special Publication 800-171. This new document offers additional recommendations for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations where that information runs a higher than usual risk of exposure. When CUI is part of a critical program or a high value asset (HVA), it can become a significant target for high-end, sophisticated adversaries (i.e., the advanced persistent threat (APT)). In recent years, these critical programs and HVAs have been subjected to an ongoing barrage of serious cyberattacks, prompting the Department of Defense to request additional guidance from NIST.