110 likes | 174 Views
Stakeholder Briefing. Outline. CUI Overview CUI FAR Status NIST SP 800-171 Rev 2 NIST SP 800-171B CUI Program Manager Position Description CUI Multi-Step Destruction Process Revision CUI Media Label Update (SF 902 and 903) CUI Registry Committee Q&A. CUI Overview.
E N D
Outline • CUI Overview • CUI FAR Status • NIST SP 800-171 Rev 2 • NIST SP 800-171B • CUI Program Manager Position Description • CUI Multi-Step Destruction Process Revision • CUI Media Label Update (SF 902 and 903) • CUI Registry Committee Q&A
CUI Overview Quarterly CUI Program Updates! Contact Us!Contact an Agency!
NIST SP 800-171 Rev 2 Draft NIST SP 800-171 Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices. There are no changes to the basic and derived security requirements in Chapter Three. For ease of use, the Discussion sections, previously located in Appendix F (SP 800-171 Revision 1), have been relocated to Chapter Three to coincide with the basic and derived security requirements. Comment periodhas been extended to Friday, August 2, 2019. Submit comments to sec-cert@nist.gov. https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/draft
NIST SP 800-171B In recent years, these critical programs and HVAs have been subjected to an ongoing barrage of serious cyberattacks, prompting the Department of Defense to request additional guidance from NIST. This new document offers additional recommendations for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations where that information runs a higher than usual risk of exposure. • The enhanced security requirements are to be implemented in addition to the basic and derived requirements in NIST SP 800-171, since the basic and derived requirements are not designed to address the APT. • The enhanced security requirements apply only to components of nonfederal systems that process, store, or transmit CUI or that provide protection for such components when the designated CUI is contained in a critical program or HVA. • The enhanced security requirements are onlyapplicable for a nonfederal system or organization when mandated by a federal agency in a contract, grant, or other agreement. Comments on Draft SP 800-171B has been extended to Friday, August 2, 2019. Submit comments to sec-cert@nist.gov. https://csrc.nist.gov/publications/detail/sp/800-171b/draft
CUI Program Manager PD • The purpose of this notice is to provide a template for the CUI Program Manager position at agencies and to assist with the hiring of CUI Program Managers. • The position description is the result of work with the CUI Advisory council which helped provide a well-rounded and flexible template for the position of a CUI Program Manager. • The position description is optional and can be modified by an agency as needed.
CUI Notice on Destruction (Revision) • Clarifies the requirements of single step destruction. • Ensures proper oversight and handling of material prior to final destruction. CUI Notice 2019-03 Will be posted to the website shortly.
Media Labels! • The new media labels are finalized and will be available for purchase on GSA Advantage. • When the link is live we will post it to our blog!
CUI Registry Committee The purpose of the Committee is to advise the CUI Executive Agent and make recommendations on the establishment, modification, or elimination of CUI Categories or Limited Dissemination Controls for the CUI program.