The National Institute of Standards and Technology (NIST) is planning to issue a draft second revision to its guidelines for controlled unclassified information handled by the Defense Department and government contractors, in order to better address “advanced persistent threats,” according to a key NIST official.
The upcoming draft revisions are based on recent assessments that information critical for national security requires “enhanced” protections, the NIST official said on Oct. 18, 2018, at a public meeting at NIST headquarters that updated industry and government officials on the data requirements.
NIST’s Ron Ross said a draft revision to NIST guideline 800-171 would be issued before the end of the year for public comment. The revisions are “just in the planning stages this week” and a formal announcement will be issued soon. Ross said the enhanced requirements would be proposed for comment as an appendix to the overall document to offer additional protections beyond “basic” controls outlined in chapter three of the guidelines.
The NIST guidelines are the basis for the Defense Federal Acquisition Regulation Supplement, or DFARS, for cybersecurity risks, issued in 2017 and still being implemented by DOD.
See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/