Through ADG Insights, we share with you the top legal and political issues affecting the aerospace, defense, and government services (ADG) industry. Our ADG industry team monitors the latest developments to help our clients stay in front of issues before they become problems and seize opportunities in a timely manner.
Federal agencies have taken numerous actions to protect against the threat of cyberattacks. Those actions include measures designed to protect Controlled Unclassified Information (CUI) held on information systems outside the federal government. Standards promulgated by the National Institute of Standards and Technology (NIST) in Special Publication (SP) 800-171 have been incorporated in regulations and government contracts as the baseline standards for protecting CUI on non-federal (i.e., contractor or grantee) systems. This past spring, in response to concerns about emerging and existent advanced persistent threats (APT) NIST released a new set of standards in SP 800-171B. SP 800-171B will supplement the baseline requirements contained in SP 800-171 by enhancing cybersecurity requirements for a small number of businesses — those that handle high value assets or participate in critical programs on a contract-by-contract basis.
But if history is an indication of the future, more companies may find themselves bound by these additional cybersecurity requirements. The public comment period for SP 800-171B concluded on August 2, 2019 and an updated version of that publication should be forthcoming.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.