top of page

Important NIST 800-171 Updates

On May 10th, 2023, NIST released Special Publication 800-171 Rev 3 (Draft) for public comment. This is the next iteration of the infamous “Protect CUI” prime directive and may have direct implications on CMMC regulations in the future. But, more importantly for now, pursuant to DFARS 252.204-7012 (b)(2)(ii)(A), covered contractor information systems are subject to 800-171 requirements, irrespective of revision, meaning that as soon as this is finalized, it will immediately supersede rev 2 and organizations will immediately be subject to compliance with the new version.

A couple of key takeaways from the draft and handy version-difference spreadsheet:

Again, no action is required at this time, but if your organization is in this space, it is probably a good idea to familiarize yourself with the proposed changes. F1 will continue to monitor the compliance landscape to stay ahead of the looming changes in the future!

12 views0 comments


bottom of page