1. Home
  2. |Insights
  3. |Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171

Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171

Client Alert | 1 min read | 06.21.19

The National Institute of Standards and Technology (NIST) has released drafts of NIST SP 800-171 Revision 2 and a companion standard NIST SP 800-171B, designed to protect Controlled Unclassified Information (CUI) from advanced persistent threats (APTs). 800-171B details 33 “enhanced” controls, reflecting core principles of penetration resistance, damage-limiting operations, and resiliency. Specific controls include those related to segregation, hunt teams, AI-enabled tools, IoT security, and supply chain – some of which arguably do not have firm industry definitions.

Unlike the non-substantive updates to Revision 2, 800-171B will apply only to contractors handling CUI that the government determines is part of a “critical program” or is a “high value asset.” A cost estimate from the Department of Defense – expected to quickly implement 800-171B – anticipates that less than one percent of its contractors will be impacted but that (allowable) costs could exceed $1 million.

Comments for all three documents are due July 19, 2019. 

Insights

Client Alert | 3 min read | 09.04.25

Not Just the FAR, SAM.gov Gets Overhauled Too

The System for Award Management (SAM, available at sam.gov) is set to incorporate Revolutionary FAR Overhaul (RFO) changes as early as the first quarter of 2026. The RFO process, which began earlier this year, will trigger matching changes to representations and certifications in SAM.gov....