RESOURCES
NIST SP 800-172 “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171”
NIST 800-172 prescribes enhanced security requirements designed to further protect Controlled Unclassified Information (CUI) from advanced persistent threats by protecting the confidentiality, integrity, and availability of that information on nonfederal information systems associated with critical programs or high value assets. This publication does not replace NIST SP 800-171, but creates additional security requirements that will need to be implemented for selected systems. Link | Download
Update: NIST SP 800-171 DoD Assessment Methodology Version 1.2.1
The DoD has released an update of its NIST SP 800-171 Assessment Methdology, introducing the ability for the DIBCAC to perform remote "virtual" assessments at the Medium and High Confidence level due to the COVID-19 pandemic. Basic assessments will still be self-reported by contractors, and the subtractive, weighted scoring system is still in place. Link | Download
Updated DoD Instruction 8582.01 (December 9, 2019)
The newly updated DoD Instruction 8582.01 replaces the previous version issued June 6th, 2012. This instruction comes from the office of the Chief Information Officer of the Department of Defense, to establish policies, assign responsibilities, and provide directions for managing security on all non-DoD systems that store or process any non-public DoD information, including CUI Link |Download
National Archives Controlled Unclassified Information (CUI) Registry – CUI Categories List
The CUI registry helps you understand what type of information is considered sensitive. There are many types and categories of CUI, and the registry provides descriptions as well as information and resources about marking and dissemination controls. Link