Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171
Client Alert | 1 min read | 06.21.19
The National Institute of Standards and Technology (NIST) has released drafts of NIST SP 800-171 Revision 2 and a companion standard NIST SP 800-171B, designed to protect Controlled Unclassified Information (CUI) from advanced persistent threats (APTs). 800-171B details 33 “enhanced” controls, reflecting core principles of penetration resistance, damage-limiting operations, and resiliency. Specific controls include those related to segregation, hunt teams, AI-enabled tools, IoT security, and supply chain – some of which arguably do not have firm industry definitions.
Unlike the non-substantive updates to Revision 2, 800-171B will apply only to contractors handling CUI that the government determines is part of a “critical program” or is a “high value asset.” A cost estimate from the Department of Defense – expected to quickly implement 800-171B – anticipates that less than one percent of its contractors will be impacted but that (allowable) costs could exceed $1 million.
Comments for all three documents are due July 19, 2019.
Contacts
Senior Counsel
She/Her/Hers
Insights
Client Alert | 2 min read | 05.09.24
New York Enacts Paid Prenatal Personal Leave
Beginning January 1, 2025, New York employers will be required to provide employees with 20 hours of paid “prenatal personal leave” during any 52-week calendar period to attend prenatal medical appointments during or related to pregnancy. New York is the first state in the country to mandate paid leave specifically for pregnant employees. “Prenatal personal leave” is included in an amendment to New York’s budget, recently signed into law as Sections 196-b.2 and 4-a of the New York Labor Law by the governor and cleared by the state legislature.
Client Alert | 12 min read | 05.09.24
Client Alert | 5 min read | 05.08.24
