Background - News & Events (Landing) 2016
All Alerts & Newsletters

Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171

Jun.21.2019

The National Institute of Standards and Technology (NIST) has released drafts of NIST SP 800-171 Revision 2 and a companion standard NIST SP 800-171B, designed to protect Controlled Unclassified Information (CUI) from advanced persistent threats (APTs). 800-171B details 33 “enhanced” controls, reflecting core principles of penetration resistance, damage-limiting operations, and resiliency. Specific controls include those related to segregation, hunt teams, AI-enabled tools, IoT security, and supply chain – some of which arguably do not have firm industry definitions.

Unlike the non-substantive updates to Revision 2, 800-171B will apply only to contractors handling CUI that the government determines is part of a “critical program” or is a “high value asset.” A cost estimate from the Department of Defense – expected to quickly implement 800-171B – anticipates that less than one percent of its contractors will be impacted but that (allowable) costs could exceed $1 million.

Comments for all three documents are due July 19, 2019. 

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Evan D. Wolff
Partner – Washington, D.C.
Phone: +1 202.624.2615
Email: ewolff@crowell.com
Maida Oringher Lerner
Senior Counsel – Washington, D.C.
Phone: +1 202.624.2596
Email: mlerner@crowell.com
Kate M. Growley, CIPP/G, CIPP/US
Counsel – Washington, D.C.
Phone: +1 202.624.2698
Email: kgrowley@crowell.com
Michael G. Gruden, CIPP/G
Associate – Washington, D.C.
Phone: +1 202.624.2545
Email: mgruden@crowell.com