Just in Time for Spring: Revision 2 to NIST SP 800-171 Comes into Full Bloom

Client Alert | 1 min read | 03.12.20

The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control. Importantly though, such guidance remains non-binding and is not intended to extend the scope of the controls’ requirements.

For future solicitations, Revision 2 will replace Revision 1 as the applicable standard under DFARS 252.204-7012. It remains to be seen how the finalization of Revision 2 will impact the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). Currently, many CMMC practices cite to Revision 1, while “Discussion” sections cite to the draft version of Revision 2.

Lastly, although introduced in draft form at the same time as Revision 2, the separate standard NIST SP 800-171B – describing enhanced security controls intended to mitigate the risks of Advanced Persistent Threats (APTs) – remains unfinalized.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 2 min read | 09.18.25

FDA Announces Intention to Initiate an Aggressive Enforcement Campaign Against Misleading Pharmaceutical Advertising

On September 9, 2025, the U.S. Department of Health and Human Services (HHS) and the Food and Drug Administration (HHS) issued a news release announcing an “aggressive[]” “crackdown” on direct-to-consumer pharmaceutical advertising. This release came on the heels of a Presidential Memorandum President Trump issued the same day directing HHS to “ensure transparency and accuracy in direct-to-consumer prescription drug advertisements,” and the FDA to “take action to enforce legal requirements that advertisements for prescription drugs be truthful and not misleading.”...

Client Alert | 3 min read | 09.17.25
The “Climate Cartel” – U.S. State AGs Cite Antitrust and Consumer Protection Concerns to Take Aim at Domestic and International Organizations
Client Alert | 4 min read | 09.17.25
California’s Chatbot Bill May Impose Substantial Compliance Burdens on Many Companies Deploying AI Assistants
Client Alert | 5 min read | 09.16.25
Bucking the Odds: Why Technology Companies Should Embrace Software Patents Today

View All Insights