Final Draft of NIST SP 800-171A Gives Contractors Something to Sample

March 1, 2018

Last week, the National Institute of Standards and Technology (NIST) released its Final Draft of NIST Special Publication (SP) 800-171A, which will again be open for comment through March 23, 2018.  First proposed in November, the publication provides guidance to both contractors and agencies regarding how to conduct assessments under the prominent cybersecurity standard NIST SP 800-171, which lays the foundation for how contractors must protect all forms of Controlled Unclassified Information, including Covered Defense Information.  The Final Draft may be most notable for what it references but does not actually include:  In response to initial comments requesting sample system security plan (SSP) templates, the Final Draft explains that NIST will post sample templates to its Computer Security Resource Center.  Not wasting any time, sample templates of both a SSP and Plan of Action & Milestone (POAM) document are already available.  

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.