Pursuant to Executive Order 13,556 and as forecasted in the draft of the National Institute for Standards and Technology’s (“NIST”) Special Publication (“SP”) 800-171, the National Archives and Record Administration (“NARA”) released on May 8, 2015 a proposed rule addressing the government-wide designation and safeguarding of Controlled Unclassified Information[1] (“CUI”) (“the Proposed CUI Rule” or “the Rule”). On June 18, 2015, NIST released the final version of SP 800-171, which provides guidance for protecting the confidentiality of CUI residing in nonfederal information systems.
SP 800-171 also includes interpretations of and best practices for compliance with the Proposed CUI Rule. As a result, reading SP 800-171 in conjunction with the Proposed CUI Rule suggests that contractors may soon face significant additional burdens for safeguarding government information on their systems.Continue Reading New Proposed Rule and Accompanying Guidance May Impose Additional Cybersecurity Burdens on Contractors Handling CUI