sp6.io
3.21.213.16
Public Scan
Submitted URL: https://insights.sp6.io/e3t/Ctc/I7+113/d2lS5Y04/VX05sG7l-vzQW3CQXGG49LZdvW5VG-2S5cmsyQN91mn903qgyTW8wLKSR6lZ3mPW4YkvjJ5r...
Effective URL: https://sp6.io/blog/nist-800-171-revision-3-5-critical-updates-you-should-know/?utm_campaign=24-Q1-CRC&utm_medi...
Submission: On April 02 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
GET https://sp6.io/
<form role="search" method="get" class="search-form" action="https://sp6.io/" data-hs-cf-bound="true">
<label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" value="" name="s"></label>
<button type="submit" class="search-submit"><i class="flaticon-search"></i></button>
<input type="hidden" name="swpmfe" value="27394fb391f570b0efbb6316d8dbb669">
</form>
Text Content
NIST 800-171 REVISION 3: 5 CRITICAL UPDATES YOU SHOULD KNOW

* SP6
* February 1, 2024

On 10 January 2024, the National Institute of Standards and Technology (NIST) shared critical updates to Special Publication 800-171, Revision 3. These guidelines safeguard the Controlled Unclassified Information (CUI) processed, stored, or transmitted by nonfederal systems and organizations. This 10-year-old initiative has affected thousands of defense contractors, subcontractors, and critical infrastructure. Here are some key takeaways from the release of SP 800-171 r3.

1. ALIGNMENT WITH THE LANGUAGE AND FORMAT OF NIST SP 800-53 R5

NIST SP 800-171 Revision 3 now aligns more closely with NIST SP 800-53 Revision 5, ensuring security requirements are communicated consistently across federal and nonfederal organizations. By aligning with NIST 53 r5, NIST 171 r3 brings the security requirements from a higher to a lower level by narrowing the potential implementation statements. This is especially true with the inclusion of Organization-Defined Parameters (ODPs).

2. REDUCTION OF ORGANIZATION-DEFINED PARAMETERS (ODP)

The introduction of ODPs in select security requirements offers increased flexibility for organizations to better manage risks as suited to their specific contexts. ODPs also help bring high-level requirements to a narrower, more mature, and more specific set of requirements. While NIST reduced the number of ODPs between the initial public draft (IPD) and this final public draft (FPD) by over 50%, the ODPs that survived the cut will more than likely remain for the final publication. ORCs and Not Applicable (NAs) are also new and leveraged to explain the tailoring criteria.

3. INTRODUCTION OF PROTOTYPE CUI OVERLAY

NIST provides a nifty tool to help identify the traceability between NIST 53 r5 and 171 r3. This also includes the logic behind the tailoring and introduces new tailoring criteria. The overlay helps navigate the requirements, including the detailed analysis to support the tailoring and mapping from the original control. It will look more like NIST 53 r5, and by the time we get to NIST 171 r4, NIST anticipates the overlay will be more noticeable than these initial versions.

One of the tailoring decisions that might cause confusion is the addition of the Other-Related-Controls (ORCs). This is a criterion that states that “the control relating to the protection of confidentiality of CUI is adequately covered by other related controls.” In other words, if you’ve implemented all other security requirements, you don’t need to worry about this item because you’ve done it, too; the control is just here as a placeholder. The rule of thumb is, if a requirement is not in a contract or part of Section 3 (The Requirements section), then it is not an assessable requirement. Remember the NFOs in 171 rev2?

4. ENHANCED SPECIFICITY AND CLARITY

Revision 3 also includes more specific and clear security requirements, reducing assessment ambiguity. This clarity will help contractors better understand the system requirements, how to effectively implement them, and how the assessment bodies will assess the cybersecurity practices.

5. EXTENSION OF PUBLIC INVOLVEMENT

NIST has conducted extensive data collection, analysis, and public interaction to develop these guidelines. The public comment period has been extended, allowing stakeholders to review and provide feedback on the draft.

IMPLICATIONS FOR FEDERAL AGENCIES AND CONTRACTORS

The revised guidelines are intended to assist federal agencies and government contractors in consistently implementing these security requirements to protect the confidentiality of CUI. Systems storing CUI often support government programs with critical assets, making their protection paramount. The changes aim to simplify the NIST cybersecurity publications ecosystem while ensuring improved national and economic security safeguards.

FUTURE DIRECTIONS

NIST plans further revisions and updates following the finalization of SP 800-171 r3. This includes updates to related publications such as SP 800-171A (security requirement assessment) and SP 800-172 (enhanced security requirements).