1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Irony: NIST releases InfoSec guidelines for government contractors

Discussion in 'CSO' started by RSS, Jun 22, 2015.

  1. RSS

    RSS New Member Member

    The National Institute of Standards and Technology (NIST) has published a document for protecting Controlled Unclassified Information (CUI) when it resides on sub-contactor networks or other non-federal systems.

    Given the developments at the Office of Personnel Management (OPM), such guidance is ironic – especially since many of the NIST suggestions went missing over there.

    As they tell it, the NIST guidelines published last week were written for:

    "...federal agencies with recommended requirements for protecting the confidentiality of CUI: (i) when the CUI is resident in nonfederal information systems and organizations; (ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and (iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government wide policy for the CUI category or subcategory listed in the CUI Registry."

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page