The National Institute of Standards and Technology has issued its guidance on ensuring the security of government information housed in systems not owned and operated by federal entities.
The guidance, titled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, includes security recommendations for agencies seeking to ensure the confidentiality of CUI in systems that don’t operate under government oversight.
NIST noted that the guidance may be used to inform the development of requirements in contract vehicles and other agreements with commercial entities. Technologies covered by the guidance include components of nonfederal platforms that process CUI or provide protection for such data.
According to the agency, protection of CUI is “of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions.”