NIST: Protecting data after it’s left your network

The National Institute of Standards and Technology has published the final version of its guidance to ensure that sensitive federal information remains confidential even when stored in nonfederal information systems.

Working with the National Archives and Records Administration, NIST released draft guidance last November to clarify how contractors, state and local governments, universities and independent research organizations routinely process, store and transmit sensitive federal information.

The final guidance, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST Special Publication 800-171), gives federal agencies recommended requirements for protecting the confidentiality of CUI residing in nonfederal systems that process, store, transmit or provide security for CUI. The requirements are intended for use by federal agencies in contractual vehicles or other agreements established between agencies and nonfederal organizations.

Continue reading at