Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: NIST finalizes guidelines for protecting sensitive information

On May 14, 2024, the National Institute of Standards (NIST) announced that it finalized guidelines for protecting 'controlled unclassified information' (CUI) in two publications, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171, Revision 3), and its companion, Assessing Security Requirements for Controlled Unclassified Information (NIST SP 800-171A, Revision 3).

NIST highlighted that before the update, the publications did not match the language of NIST's source catalog of security and privacy controls (NIST SP 800-53) and assessment procedures (NIST SP 800-53A). The update addresses this ambiguity and harmonizes NIST's cybersecurity guidance. NIST has also provided an analysis of changes that detail how the requirements have evolved. NIST stated that it intends to revise other supporting publications associated with protecting CUI of high-value assets and critical programs in the coming months. 

You can read the press release and the guidelines here.