Tag Archives: Controlled Unclassified Information

DHS Proposed Rules Cover Privacy Training, IT Security Awareness Training and the Safeguarding of CUI

In January, we wrote about the new training requirement for employees who handle personally identifiable information (“PII”) or who build systems containing PII. On the same day that rule went into effect, Jan. 19, 2017, three related Department of Homeland Security (“DHS”) proposed rules were published in the Federal Register covering mandatory privacy training, information technology (“IT”) security awareness training, and the safeguarding of controlled unclassified information (“CUI”). Comments on all three proposed rules are due on Monday, March 20, … Read More

Will the New DoD Cybersecurity Regulations Cause a New Wave of Protest Disputes?

The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).

However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a … Read More

Government Contractors: New Obligations for Protecting Controlled Unclassified Information

New obligations are being imposed on government contractors for protecting Controlled Unclassified Information (CUI). The National Institute of Standards and Technology (NIST), which is responsible for developing information security standards and guidelines, recently published Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, released June 2015. Contracting officers for federal agencies will impose the NIST recommended requirements for protecting the confidentiality of CUI:

  1. when the CUI is resident in nonfederal information systems and organizations;
  2. when
Read More
LexBlog