This update to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Many trade-offs have been made to ensure that the technical and non-technical requirements have been stated clearly and concisely while also recognizing the specific needs of both federal and nonfederal organizations.
In response to the 1600+ comments received on the initial public draft and its supporting resources, NIST continued to refine the security requirements to:
- Reduce the number of organization-defined parameters (ODP)
- Reevaluate the tailoring categories and tailoring decisions
- Restructure and streamline the discussion sections.
The public comment period is open now through January 12, 2024.