Just in Time for Spring: Revision 2 to NIST SP 800-171 Comes into Full Bloom

Client Alert | 1 min read | 03.12.20

The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control. Importantly though, such guidance remains non-binding and is not intended to extend the scope of the controls’ requirements.

For future solicitations, Revision 2 will replace Revision 1 as the applicable standard under DFARS 252.204-7012. It remains to be seen how the finalization of Revision 2 will impact the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). Currently, many CMMC practices cite to Revision 1, while “Discussion” sections cite to the draft version of Revision 2.

Lastly, although introduced in draft form at the same time as Revision 2, the separate standard NIST SP 800-171B – describing enhanced security controls intended to mitigate the risks of Advanced Persistent Threats (APTs) – remains unfinalized.

Contacts

Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 4 min read | 07.02.25

FTC Orders Divestitures in Retail Fuel Outlet Deal and Signals a Return to More Standard Remedy Discussions

Merger consent orders are back at the FTC, and the FTC’s most recent action showcases how the current leadership is analyzing divestiture proposals. Last week, the FTC approved a proposed consent agreement in Alimentation Couche-Tard Inc.’s (ACT) acquisition of retail fuel outlets from Giant Eagle, Inc. that paired standard retail divestitures with a “prior notice” requirement that ACT notify the agency of future acquisitions in certain markets regardless of size. This FTC has signaled greater acceptance of remedies than the prior administration, and this most recent consent puts that on display, with Commissioner Meador providing merging parties guidance on designing effective remedies....

Client Alert | 4 min read | 07.02.25
Section 230 Reform: What Websites Need to Know Now
Client Alert | 4 min read | 07.02.25
Supreme Court Upholds the Constitutionality of the U.S. Preventive Services Task Force and the Affordable Care Act’s Preventive Service Coverage Scheme
Client Alert | 3 min read | 07.02.25
USPTO's Upcoming Changes to the Accelerated Examination Program

View All Insights