Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171

Client Alert | 1 min read | 06.21.19

The National Institute of Standards and Technology (NIST) has released drafts of NIST SP 800-171 Revision 2 and a companion standard NIST SP 800-171B, designed to protect Controlled Unclassified Information (CUI) from advanced persistent threats (APTs). 800-171B details 33 “enhanced” controls, reflecting core principles of penetration resistance, damage-limiting operations, and resiliency. Specific controls include those related to segregation, hunt teams, AI-enabled tools, IoT security, and supply chain – some of which arguably do not have firm industry definitions.

Unlike the non-substantive updates to Revision 2, 800-171B will apply only to contractors handling CUI that the government determines is part of a “critical program” or is a “high value asset.” A cost estimate from the Department of Defense – expected to quickly implement 800-171B – anticipates that less than one percent of its contractors will be impacted but that (allowable) costs could exceed $1 million.

Comments for all three documents are due July 19, 2019.

Contacts

Evan D. Wolff
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2615
ZXdvbGZmQGNyb3dlbGwuY29t
Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 8 min read | 06.06.25

Litigation Funding Reforms: Clarity for UK Funders and Litigants Post-PACCAR

On 2 June 2025 the Civil Justice Council (a UK public body that advises on civil justice and civil procedure) (“CJC”) issued its Review of Litigation Funding Final Report (the “Report”). The CJC has provided comprehensive recommendations on the regulation and reform of litigation funding in England and Wales. The highlight recommendation of the Report is for the UK Government to remove third party litigation funding from the regulations and requirements of the Damages-Based Agreements Regulations 2013 (“DBA Regulations”), reversing the judgment of the Supreme Court in PACCAR.[1] Meanwhile, the UK Court of Appeal has recently endorsed a position that the Competition Appeal Tribunal (“CAT”) may order that third party funders of collective proceedings be paid first from litigation proceeds before claimants according to waterfall provisions in their funding agreements....

Client Alert | 2 min read | 06.06.25
Supreme Court Dismisses Cert Petition On Uninjured Class Members As Improvidently Granted
Client Alert | 2 min read | 06.06.25
Supreme Court Unanimously Rejects Sixth Circuit’s “Background Circumstances” Requirement For “Reverse Discrimination” Cases
Client Alert | 2 min read | 06.06.25
USPTO Director Clarifies Burden on IPR Petitioners Relying on Prior Art Cited During Prosecution

View All Insights