NIST Offers a Two-for-One Special on Cybersecurity Updates
Client Alert | 1 min read | 06.20.18
The government’s leading authority on cybersecurity standards has issued two updates relevant to government contractors working with DoD sensitive data. First, the National Institute of Standards and Technology (NIST) updated Special Publication (SP) 800-171, the security standard required by the DFARS Safeguarding Clause 252.204-7012 and also expected to be required under a pending FAR Clause. In addition to nuanced security control revisions, notable changes include the addition of Appendix F, which discusses security requirements derived primarily from the separate standard NIST SP 800-53 in an effort to inform organizations about mechanisms and procedures used to implement required safeguards. Second, NIST finalized its draft of NIST SP 800-171A. This sister document provides guidance in assessing NIST SP 800-171 security controls, including System Security Plans (SSPs) and Plans of Action and Milestones (POAMs). Changes in the finalized guidance include the removal of NIST SP 800-53 guidance in Appendix D and its replacement with three assessment methods – Examine, Interview, and Test – that can be used to assess security requirements under NIST SP 800-171.
Contacts
 - Partner, Crowell Global Advisors Senior Director - Washington, D.C.- D | +1.202.624.2698
 
- Washington, D.C. (CGA)- D | +1 202.624.2500
 
 
Insights
Client Alert | 13 min read | 10.30.25
Federal and State Regulators Target AI Chatbots and Intimate Imagery
In the first few years following the public launch of generative artificial intelligence (AI) in the autumn of 2022, litigation related to AI focused primarily on claims of copyright infringement. Suits revolved around allegations that the data on which AI models train, and/or the output they produce, infringe upon the intellectual property rights of others. (While some of these cases have settled or reached preliminary judgments, many remain ongoing.)
- Client Alert | 3 min read | 10.30.25 - Is Course Hero Heading to Summer School After Summary Judgment Loss? 
- Client Alert | 6 min read | 10.29.25 - Enhancing UK cyber security resilience and leadership engagement 
- Client Alert | 9 min read | 10.28.25 - Key Takeaways from a Consequential Month of Russia-Related Sanctions 

