NIST Publishes Final Guidelines for Protecting Information Held by Contractors
NIST published today its final guidelines for federal agencies to use when they provide unclassified but sensitive information to nonfederal workers, such as contractors or universities that work with the government.
The National Institute of Standards and Technology (NIST) published Friday its final guidelines for federal agencies to follow when they provide controlled unclassified information for use on nonfederal systems, such as information on systems used by contractors or universities that work with the government.
The guidance aims to ensure sensitive information remains confidential. The government established the controlled unclassified information (CUI) program to standardize how the executive branch handles unclassified information requiring protection, such as personally identifiable information.
The National Archives and Records Administration (NARA), which oversees the CUI program, worked with NIST to develop these guidelines, according to an agency statement.
"[The guidelines document] is critical to our strategy to strengthen needed protections for CUI," John Fitzpatrick, director of NARA's Information Security Oversight Office, said in a statement. "Together with NARA's recently proposed CUI regulation and a planned Federal Acquisition Regulation clause, we will bring clarity and consistency to the handling of CUI across government."
