NIST July Bulletin

NIST released its July bulletin summarizing assessing security requirements for Controlled Unclassified Information (CUI).  Additionally, the DFAR require compliance by federal and nonfederal organizations who handle this type of information. NIST July Bulletin

Controlled Unclassified Information (CUI)

Controlled Unclassified Information requires special handling and protection by an organization through compliance with 110 security controls. These controls are defined in NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems
and Organizations. Additionally,  assessing procedures for an organization is covered in NIST 800-171A Assessing Security Requirements for Controlled Unclassified Information.

Impact of Non-compliance

Compliance with protecting Controlled Unclassified Information is defined in the DFAR SUBPART 204.73–SAFEGUARDING COVERED DEFENSE INFORMATION AND CYBER INCIDENT REPORTING. Most importantly, failure to be compliant can result in an organization being prevented from bidding on federal contracts or losing current contracts.

Duffy Compliance Services

Duffy Compliance Services (DCS) is a leader in helping companies and federal agencies in becoming compliant with the 110 security controls of NIST 800-171. DCS starts with a gap analysis followed by a remediation process which results in compliance. https://duffycompliance.com/cui-compliance/