Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

Published: February 20, 2018


Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle


The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations. This publication provides federal agencies with recommended requirements for protecting the confidentiality of CUI: (i) when the CUI is resident in nonfederal information systems and organizations; (ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and (iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry. The requirements apply to all components of nonfederal information systems and organizations that process, store, or transmit CUI, or provide security protection for such components. The CUI requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations. [Supersedes SP 800-171r1 (December 2016): information-nonfederal-systems-and- organizations]
Citation: Special Publication (NIST SP) – 800-171

Report Number:

Pub Type: NIST Pubs

GSA Wants Streamlined Offer Forms

It is taking too long for the General Services Administration to process new offers from companies looking to get on a Multiple Award Schedules, according to officials, but a new policy seeks to streamline and standardize that work.

The MAS program will be releasing a draft of the new policy in “two-and-a-half to three months,” said Tiffany Hixson, GSA assistant commissioner for the Office of Professional Services and Human Capital Categories, during ACT-IAC’s Feb. 22 Federal Insights Exchange.

Continue reading:

Revise and Streamline VA Acquisition Regulation To Adhere to Federal Acquisition Regulation Principles (VAAR Case 2014-V002)


Department of Veterans Affairs.


Final rule.


The Department of Veterans Affairs (VA) adopts as final the proposed amendments to VA regulations. This rulemaking prescribes five new Economic Price Adjustment clauses for firm-fixed-price contracts, identifies VA’s task-order and delivery-order ombudsman, clarifies the nature and use of consignment agreements, adds policy coverage on bond premium adjustments and insurance under fixed-price contracts, and provides for indemnification of contractors for medical research or development contracts. This document adopts the proposed rule published on March 13, 2017, as a final rule with five technical non-substantive changes.

Learn more:

Joseph Petrillo: Beneficial potential changes for defense procurement

No one has said federal procurement is simple. But it’s way more complicated than it has to be. The Section 809 Panel looked closer at Defense procurement and found that the word “subcontractor” has around 27 different definitions. The rules make fine distinctions between commercial and commercial-off-the-shelf. The Panel has proposed numerous reforms. Joseph Petrillo, procurement attorney with Petrillo and Powell, joined Federal Drive with Tom Temin to discuss the reforms he believes will be most beneficial.

Listen to the story at

An agency-by-agency look at the 2019 budget request

President Donald Trump is calling for huge raises in the Defense Department budget and more cuts to most civilian agencies in his 2019 budget proposal, released Feb. 12.

It’s important to note that Congress ultimately approves the federal budget, and must ultimately pass an omnibus spending bill or another continuing resolution before March 23, the end date of the current CR for the 2018 budget proposal.

Continue reading:

Transferring Responsibilities and Consolidating Offices Highlight Trump Reorganization Plan

More than one year after President Trump issued an executive order calling on all federal agencies to submit a comprehensive plan to reorganize and reform themselves, the administration has proposed what it is now calling a “first step” toward submitting those changes.

The proposals were laid out in Trump’s fiscal 2019 budget, often focusing on consolidating administrative functions or merging various programs with similar functions, but not every agency detailed its plans. Some agencies put forward more specific ideas, such as shifting bureaus to new locations or transferring responsibilities to other agencies. The administration said more details would be forthcoming, pledging to create concrete goals and trackable metrics with “senior accountable officials” to oversee them.

Continue reading:

Enhanced Debriefing Rules in the NDAA Offer Protesters Several Practical Advantages

In Short

The Situation: The 2018 National Defense Authorization Act requires that the Secretary of Defense implement new rules for enhanced debriefings for certain types of acquisitions.

The Result: Once implemented, the enhanced debriefing rules will provide disappointed offerors with several advantages, including enhanced information about source selection decisions, a follow-up question-and-answer period, and additional time to consider whether to protest.

Looking Ahead: The enhanced debriefing scheme has the potential to increase the public’s (and contractors’) confidence in the procurement system by providing more transparency and could also decrease the number of protests filed.

Continue reading:

Pentagon Warns CEOs: Protect Your Data or Lose Our Contracts

SAN DIEGO — The Pentagon is warning defense-industry CEOs to better protect their computer networks or risk losing business.

“The culture we need to get to is that we’re going to defend ourselves and that … we want the bar to be so high that it becomes a condition of doing business,” Deputy Defense Secretary Patrick Shanahan said Tuesday at an industry conference here sponsored by the AFCEA and the U.S. Naval Institute.

Shanahan noted that CEOs would likely be hesitant to “sign a cyber disclosure statement that says everybody you do business with is secure.”

Continue reading:

DoD memo starts to cleave its acquisition office in half, reassigns workforce

Defense acquisition civilian personnel will see no changes in their title, series or grade as the Defense Department begins to cleave the office of acquisition, technology and logistics in half on Feb. 1.

Jan. 31 memo obtained by Federal News Radio and signed by Deputy Defense Secretary Patrick Shanahan outlines just how the Pentagon will split its acquisition office into an office of research and engineering and an office of acquisition and sustainment. Congress mandated the split in the 2017 defense authorization act.

“In elevating the mission of advancing technology and innovation while simultaneously fostering distinct technology and acquisition cultures, we must also take the opportunity to reform processes, internal practices and regulations and continue to remove barriers to innovation in research, engineering, acquisition and sustainment whenever possible,” the memo states.

Continue reading: