Standards promulgated by NIST in Special Publication 800-171 have been incorporated in regulations and government contracts as the baseline standards for protecting Controlled Unclassified Information on contractor or grantee systems. This past spring, in response to concerns about emerging and existent advanced persistent threats, NIST released a new set of standards in SP 800-171B.
This publication will supplement the baseline requirements contained in SP 800-171 by enhancing cybersecurity requirements for a small number of businesses — those that handle high value assets or participate in critical programs on a contract-by-contract basis. More companies may find themselves bound by these additional cybersecurity requirements. The public comment period for SP 800-171B concluded on August, and an updated version of that publication should be forthcoming.
