Just in Time for Spring: Revision 2 to NIST SP 800-171 Comes into Full Bloom

Client Alert | 1 min read | 03.12.20

The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control. Importantly though, such guidance remains non-binding and is not intended to extend the scope of the controls’ requirements.

For future solicitations, Revision 2 will replace Revision 1 as the applicable standard under DFARS 252.204-7012. It remains to be seen how the finalization of Revision 2 will impact the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). Currently, many CMMC practices cite to Revision 1, while “Discussion” sections cite to the draft version of Revision 2.

Lastly, although introduced in draft form at the same time as Revision 2, the separate standard NIST SP 800-171B – describing enhanced security controls intended to mitigate the risks of Advanced Persistent Threats (APTs) – remains unfinalized.

Contacts

Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 2 min read | 07.01.25

DoD Establishes New DOGE Approval Process for ITC&MS and A&AS Contracts

On June 23, 2025, the DoD issued a memorandum, “Implementation of Department of Government Efficiency Cost Efficiency Initiative,” to establish a new DOGE approval process for unclassified IT consulting and management services (ITC&MS) contracts or task orders (TOs), and advisory and assistance services (A&AS) contracts or TOs. The memorandum establishes a formal approval process, which directs DOGE to review and provide input for certain contract requirement packages included in Defense Secretary Pete Hegseth’s May 27, 2025 directive, “Implementation of Executive Order 14222 – Department of Government Efficiency Cost Efficiency Initiative” (“Contract Guidance”). ...

Client Alert | 10 min read | 07.01.25
Ninth Circuit Decision Underscores Increasing False Claims Act Risks to U.S. Importers
Client Alert | 8 min read | 06.30.25
AI Companies Prevail in Path-Breaking Decisions on Fair Use
Client Alert | 3 min read | 06.30.25
The New EU “Pharma Package”: Preparing for the Trilogues

View All Insights