Final Draft of NIST SP 800-171A Gives Contractors Something to Sample

Client Alert | 1 min read | 03.01.18

Last week, the National Institute of Standards and Technology (NIST) released its Final Draft of NIST Special Publication (SP) 800-171A, which will again be open for comment through March 23, 2018. First proposed in November, the publication provides guidance to both contractors and agencies regarding how to conduct assessments under the prominent cybersecurity standard NIST SP 800-171, which lays the foundation for how contractors must protect all forms of Controlled Unclassified Information, including Covered Defense Information. The Final Draft may be most notable for what it references but does not actually include: In response to initial comments requesting sample system security plan (SSP) templates, the Final Draft explains that NIST will post sample templates to its Computer Security Resource Center. Not wasting any time, sample templates of both a SSP and Plan of Action & Milestone (POAM) document are already available.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 7 min read | 12.17.25

CARB Proposes Regulations Implementing California GHG Emissions and Climate-Related Financial Risk Reporting Laws

After hosting a series of workshops and issuing multiple rounds of materials, including enforcement notices, checklists, templates, and other guidance, the California Air Resources Board (CARB) has proposed regulations to implement the Climate Corporate Data Accountability Act (SB 253) and the Climate-Related Financial Risk Act (SB 261) (both as amended by SB 219), which require large U.S.-based businesses operating in California to disclose greenhouse gas (GHG) emissions and climate-related risks. CARB also published a Notice of Public Hearing and an Initial Statement of Reasons along with the proposed regulations. While CARB’s final rules were statutorily required to be promulgated by July 1, 2025, these are still just proposals. CARB’s proposed rules largely track earlier guidance regarding how CARB intends to define compliance obligations, exemptions, and key deadlines, and establish fee programs to fund regulatory operations....

Client Alert | 1 min read | 12.17.25
CBCA’s FY 2025 Report – Examining the Numbers
Client Alert | 7 min read | 12.17.25
Executive Order Tries to Thwart “Onerous” AI State Regulation, Calls for National Framework
Client Alert | 4 min read | 12.17.25
The new EU Bioeconomy Strategy: a regulatory framework in transition

View All Insights