Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171
Client Alert | 1 min read | 06.21.19
The National Institute of Standards and Technology (NIST) has released drafts of NIST SP 800-171 Revision 2 and a companion standard NIST SP 800-171B, designed to protect Controlled Unclassified Information (CUI) from advanced persistent threats (APTs). 800-171B details 33 “enhanced” controls, reflecting core principles of penetration resistance, damage-limiting operations, and resiliency. Specific controls include those related to segregation, hunt teams, AI-enabled tools, IoT security, and supply chain – some of which arguably do not have firm industry definitions.
Unlike the non-substantive updates to Revision 2, 800-171B will apply only to contractors handling CUI that the government determines is part of a “critical program” or is a “high value asset.” A cost estimate from the Department of Defense – expected to quickly implement 800-171B – anticipates that less than one percent of its contractors will be impacted but that (allowable) costs could exceed $1 million.
Comments for all three documents are due July 19, 2019.
Insights
Client Alert | 5 min read | 07.14.25
The European Commission issues competition guidance in the transport sector
On July 9, 2025, the Directorate-General for Competition within the European Commission issued two informal guidance letters, both intended to bring increased clarity on competition law compliance to companies in the transport sector.
Client Alert | 4 min read | 07.11.25
Client Alert | 7 min read | 07.11.25
President Trump’s “One Big Beautiful Bill” Makes Changes to Medicaid
Client Alert | 4 min read | 07.11.25