Double Whammy: NIST Unveils Draft Enhanced Security Requirements and Revisions to NIST SP 800-171
Client Alert | 1 min read | 06.21.19
The National Institute of Standards and Technology (NIST) has released drafts of NIST SP 800-171 Revision 2 and a companion standard NIST SP 800-171B, designed to protect Controlled Unclassified Information (CUI) from advanced persistent threats (APTs). 800-171B details 33 “enhanced” controls, reflecting core principles of penetration resistance, damage-limiting operations, and resiliency. Specific controls include those related to segregation, hunt teams, AI-enabled tools, IoT security, and supply chain – some of which arguably do not have firm industry definitions.
Unlike the non-substantive updates to Revision 2, 800-171B will apply only to contractors handling CUI that the government determines is part of a “critical program” or is a “high value asset.” A cost estimate from the Department of Defense – expected to quickly implement 800-171B – anticipates that less than one percent of its contractors will be impacted but that (allowable) costs could exceed $1 million.
Comments for all three documents are due July 19, 2019.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 5 min read | 10.20.25
What’s new for Belgian Construction Contracts under the New Book 7 of the Civil Code
In recent years, there has been a wave of new legislation impacting contracts and contractual terms. The Belgian legislator is gradually adopting the different Books of the Belgian Civil Code, and the Belgian Code of Economic Law has been updated several times. These changes affect the way contract terms need to be drafted, not only between companies but also with consumers.
Client Alert | 3 min read | 10.17.25
California Enacts New Requirements and Restrictions for Health Care Transactions
Client Alert | 3 min read | 10.15.25
Client Alert | 10 min read | 10.15.25