Just in Time for Spring: Revision 2 to NIST SP 800-171 Comes into Full Bloom
Client Alert | 1 min read | 03.12.20
The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control. Importantly though, such guidance remains non-binding and is not intended to extend the scope of the controls’ requirements.
For future solicitations, Revision 2 will replace Revision 1 as the applicable standard under DFARS 252.204-7012. It remains to be seen how the finalization of Revision 2 will impact the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). Currently, many CMMC practices cite to Revision 1, while “Discussion” sections cite to the draft version of Revision 2.
Lastly, although introduced in draft form at the same time as Revision 2, the separate standard NIST SP 800-171B – describing enhanced security controls intended to mitigate the risks of Advanced Persistent Threats (APTs) – remains unfinalized.
Contacts
 - Partner, Crowell Global Advisors Senior Director - Washington, D.C.- D | +1.202.624.2698
 
- Washington, D.C. (CGA)- D | +1 202.624.2500
 
 
Insights
Client Alert | 13 min read | 10.30.25
Federal and State Regulators Target AI Chatbots and Intimate Imagery
In the first few years following the public launch of generative artificial intelligence (AI) in the autumn of 2022, litigation related to AI focused primarily on claims of copyright infringement. Suits revolved around allegations that the data on which AI models train, and/or the output they produce, infringe upon the intellectual property rights of others. (While some of these cases have settled or reached preliminary judgments, many remain ongoing.)
- Client Alert | 3 min read | 10.30.25 - Is Course Hero Heading to Summer School After Summary Judgment Loss? 
- Client Alert | 6 min read | 10.29.25 - Enhancing UK cyber security resilience and leadership engagement 
- Client Alert | 9 min read | 10.28.25 - Key Takeaways from a Consequential Month of Russia-Related Sanctions 

