NIST SP 800 171 applies to entities that handle government data in their systems. It forms the baseline for data security requirements those entities must meet. Included in the standard are best practices for protection of sensitive information in company systems.
The National Institute of Standards and Technology released public draft of NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. NIST added 3 security requirement families and now includes 17 security control families.
There is a new update to NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, for spring 2023 release. NIST SP 800-171 forms backbone for contractor security requirements in Department of Defense regulations, CMMC program.