NIST SP 800 171 applies to entities that handle government data in their systems. It forms the baseline for data security requirements those entities must meet. Included in the standard are best practices for protection of sensitive information in company systems.
The National Institute of Standards and Technology released public draft of NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. NIST added 3 security requirement families and now includes 17 security control families.
There is a new update to NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, for spring 2023 release. NIST SP 800-171 forms backbone for contractor security requirements in Department of Defense regulations, CMMC program.
The Department of Defense’s Cybersecurity Maturity Model Certification program. This program may once again face delays. In the meantime, defense contractors that handle Controlled Unclassified Information are required to implement the security controls in NIST SP 800 171.