Senior Information Security Specialist, Information Technology Laboratory/Computer Security Division
National Institute of Standards and Technology
Controlled Unclassified Information (CUI) has the same value and potential adverse impact if compromised, whether such information is located in a federal or a nonfederal organization. NIST Special Publications (SPs) 800-171 and 800-172 provide recommended security requirements for protecting the confidentiality of CUI when the CUI is resident in nonfederal systems. The session will provide a brief synopsis on the history and development of SPs 800-171 and 800-172, the relationship between SP 800-171 and SP 800-172, and an overview of the guidance from the NIST perspective including a discussion of basic, derived, and enhanced security requirements.