A recent NIST design guide discussing integrating security measures into the development process could potentially affect healthcare cybersecurity.
Topic: Protecting Controlled Unclassified Information (CUI)
Attention DoD contractors: NIST Special Publication 800-171 released in August 2015 and revised in December 2016 provides direction on implementing an information assurance framework for Non-federal information systems. This is important as there are a few new DoD designators for unclassified information that REQUIRE protection. The good news is that this framework reduces the burden on the contractor.
The revision has produced new requirements, added clarifications, and created many discussion points. This webinar will explain in detail the changes contained in SP 800-171 revision 1 and various FAR/DFAR hooks into the document, impacts is has on your organization, and how you can continue to implement its IA guidelines.
The CSIAC has compiled many resources on the topic of protecting Controlled Unclassified Information (CUI). Please browse the resources below.
Join the CSIAC and Subject Matter Experts in discussing how to protect CUI using the NIST framework presented in SP 800-171. Topics include what impact it has on your organization, and how you can begin to implement its guidelines.
Amazon's GovCloud Infrastructure-as-a-service (IaaS) supports ITAR restricted and Controlled Unclassified Information (CUI) data storage!
NIST requests comments on Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. This Profile is based on NIST Special Publication (SP) 800-130, A Framework for Designing Cryptographic Key Management Systems, and has been prepared to assist Cryptographic Key Management System (CKMS) designers and implementers in
Attention DoD contractors: NIST’s latest publication released in August 2015 provides direction on implementing an information assurance framework for Non-federal information systems. This is important as there are a few new DoD designators for unclassified information that REQUIRE protection. The good news is that this framework reduces the burden on the
This publication provides federal agencies with recommended requirements for protecting the confidentiality of CUI: (i) when the CUI is resident in nonfederal information systems and organizations; (ii) where the CUI does not have specific safeguarding requirements prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category
Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of confidentiality of their information.
This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including
With the issuance on November 4, 2010 of Executive Order 13556, "Controlled Unclassified Information," (the Order) and the issuance of CUI Office Notice 2011-01 on June 9, 2011, Executive branch agencies are required to take actions to implement a program for managing information that requires safeguarding or dissemination controls pursuant to and consistent
Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. Executive Order 13556 "Controlled Unclassified Information" (the
The E-Government Act (P.L. 107-347), passed by the one hundred and seventh Congress and signed into law by the President in December 2002, recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA),