Significant changes NIST SP 800-171, Revision 3 include:

1. Updates to the security requirements and families to reflect updates in NIST SP 800-53, Revision 5 and the NIST SP 800-53B moderate control baseline
2. Updated tailoring criteria
3. Increased specificity for security requirements to remove ambiguity, improve the effectiveness of implementation, and clarify the scope of assessments
4. Introduction of organization-defined parameters (ODP) in selected security requirements to increase flexibility and help organizations better manage risk
5. A prototype CUI overlay

The development of the security requirements and supporting material for the protection of Controlled Unclassified material (CUI) took more than a year, and the update to NIST SP 800-171 is the result of data collecting, technical analysis, customer contact, and redesign. To guarantee that the technical and non-technical requirements have been presented clearly and simply while also taking into account the unique demands of both federal and non-federal entities, numerous trade-offs have been made.

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at arlingtonintel.com.