Example Track 1

Protecting Sensitive, but Unclassified, Data

May 19, 2021

10:15 AM - 10:40 AM

Kelley Dempsey

Senior Information Security Specialist, Information Technology Laboratory/Computer Security Division

National Institute of Standards and Technology

Controlled Unclassified Information (CUI) has the same value and potential adverse impact if compromised, whether such information is located in a federal or a nonfederal organization. NIST Special Publications (SPs) 800-171 and 800-172 provide recommended security requirements for protecting the confidentiality of CUI when the CUI is resident in nonfederal systems. The session will provide a brief synopsis on the history and development of SPs 800-171 and 800-172, the relationship between SP 800-171 and SP 800-172, and an overview of the guidance from the NIST perspective including a discussion of basic, derived, and enhanced security requirements.