Just in Time for Spring: Revision 2 to NIST SP 800-171 Comes into Full Bloom
Client Alert | 1 min read | 03.12.20
The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control. Importantly though, such guidance remains non-binding and is not intended to extend the scope of the controls’ requirements.
For future solicitations, Revision 2 will replace Revision 1 as the applicable standard under DFARS 252.204-7012. It remains to be seen how the finalization of Revision 2 will impact the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). Currently, many CMMC practices cite to Revision 1, while “Discussion” sections cite to the draft version of Revision 2.
Lastly, although introduced in draft form at the same time as Revision 2, the separate standard NIST SP 800-171B – describing enhanced security controls intended to mitigate the risks of Advanced Persistent Threats (APTs) – remains unfinalized.
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 4 min read | 04.08.26
Cosmetics Under the Microscope: FDA’s Expanding Regulatory Reach Under MoCRA
The Modernization of Cosmetics Regulation Act of 2022 (MoCRA) marked the most significant expansion of FDA’s authority over cosmetics in 80 years — and the agency is putting that authority to work. From the launch of a new adverse event reporting tool to forthcoming rules on fragrance allergens and good manufacturing practices (GMP), FDA is reshaping the regulatory landscape for manufacturers, packers, and distributors of cosmetic and personal care products.
Client Alert | 11 min read | 04.08.26
Client Alert | 3 min read | 04.07.26
Answering the Top Seven Questions About Pending Section 301 Deadlines
