NIST Issues Revisions to Special Publication 800-171
On August 16, 2016, the National Institute for Standards and Technology (NIST) released draft revisions to Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (SP 800-171 Rev. 1). SP 800-171 is the primary standards document which the Department of Defense (DoD) has relied on in promulgating its Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity rules for defense contractors
and it will likely be the standards document upon which the anticipated controlled unclassified information (CUI) rule governing all federal contractors will be based.
The most substantive change to the publication involves the addition of a new standard, PL-2 (System Security Plan), which is derived from NIST’s security and privacy controls standard for federal information systems and organization (SP 800-53). The revisions contain a substantial discussion of the new standard: