Inside Cybersecurity

May 19, 2024

Daily News

Final update to NIST CUI publications features ‘organization-defined parameters’ for agencies to adjust security requirements

By Sara Friedman / May 15, 2024

NIST’s final update to two publications focused on controlled unclassified information puts in place “organization-defined parameters” and the ability for agencies to make determinations on what meets their needs.

“Organization-defined parameters are used in the SP 800-53 controls to provide flexibility to federal agencies in tailoring controls to support specific organizational missions or business functions and to manage risk,” NIST says in a FAQ released Tuesday in conjunction with revision three of NIST 800-171 and 800-171A.

The FAQ...

Log in to access this content.

Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.