NIST Issues Final Guidelines for Federal Agencies to Protect Sensitive Information | Practical Law

The National Institute of Standards and Technology (NIST) has issued final guidelines to help federal agencies that share sensitive information with non-federal organizations to keep that information confidential.

Practical Law Legal Update 1-616-6475 (Approx. 3 pages)

by Practical Law Intellectual Property & Technology
Published on 22 Jun 2015
USA (National/Federal)
On June 18, 2015, the National Institute of Standards and Technology (NIST), together with the National Archives and Records Administration, issued Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, Special Publication 800-171, which provides final guidelines for federal agencies to ensure that sensitive federal information remains confidential when stored in non-federal information systems and organizations. SP 800-171 is designed to provide guidance to federal employees with responsibilities for information systems development, acquisition, management and protection, and applies when:
  • Controlled unclassified information (CUI) resides in non-federal information systems and organizations that are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies.
  • There are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by authorizing law, regulation, or government-wide policy.
The guidelines apply to all components of non-federal information systems and organizations that process, store or transmit CUI, or provide security protection for those components.