NIST Publishes Final Guidelines for Protecting Information Held by Contractors
The National Institute of Standards and Technology (NIST) published Friday its final guidelines for federal agencies to follow when they provide controlled unclassified information for use on nonfederal systems, such as information on systems used by contractors or universities that work with the government.
The guidance aims to ensure sensitive information remains confidential. The government established the controlled unclassified information (CUI) program to standardize how the executive branch handles unclassified information requiring protection, such as personally identifiable information.
"[The guidelines document] is critical to our strategy to strengthen needed protections for CUI," John Fitzpatrick, director of NARA's Information Security Oversight Office, said in a statement. "Together with NARA's recently proposed CUI regulation and a planned Federal Acquisition Regulation clause, we will bring clarity and consistency to the handling of CUI across government."