2024 | 05

NIST SP 800-171 Rev 3 Has Been Finalized

Yesterday, May 14th 2024, the National Institute of Standards and Technology (NIST) published the final versions of two documents:

NIST SP 800-171 Rev. 3 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

NIST SP 800-171A Rev. 3 Assessing Security Requirements for Controlled Unclassified Information

This has been a long-awaited update for NIST SP 800-171. In the past few months, there has been a lot of concern over how the new revision will impact current contracts. Current contracts with the DFARS 252.204-7012 clause will only need to meet NIST SP 800-171 Rev. 2 until the memorandum published by the Office of The Under Secretary of Defense is rescinded. For those looking at CMMC 2.0 compliance, we expect that there will be no changes any time soon to the assessment requirements.

In the coming weeks, look for a new blog post where we review the changes in NIST SP 800-171 and how they could potentially impact your compliance in the future.

Compliance Adherence, CMMC

You also might like:

If you feel overwhelmed by the CMMC process and even where to start, you are not alone. Many...

The Cybersecurity Maturity Model Certification (CMMC) Program final ruling has been dropped on the...

NIST SP 800-171 Rev 3 Has Been Finalized

You also might like:

Building Your CMMC Assessment Scope

EP 21 — AWS’s Travis Goldbach on Future Trends in Cloud Security and Zero Trust

Writing Effective Policies and Procedures for CMMC

CMMC Final Rule Drop