NIST guidance: Better security from federal contractors

With the recent OPM breach raising questions about the security of federal data within the government, NIST has issued new guidelines in order to secure data stored by federal contractors outside government facilities.

The National Institute of Standards and Technology has released new guidelines in an effort to secure federal data stored by contractors outside of the federal government.

The new guidelines (Special Publication 800-171) will apply to any organizations or information systems outside the federal government that process, transmit or store federal data considered to be "controlled unclassified information" (CUI). Classified information is regulated by a different set of rules.

The intent of the new guidelines is to provide federal agencies with recommended requirements for protecting the confidentiality of CUI when dealing with private contractors, local government agencies, academic institutions or research organizations that handle federal data.

The recommendations cover 14 areas: access control, awareness and training, audit and accountability, configuration management, ID and authentication, incident response, maintenance, media protection, personnel security, physical protection, risk assessment, security assessment, system and communications protection, and system and information integrity.

According to the guidelines, if government data is designated to a specific system, organizations can limit the scope of the security requirements to that system. This could incentivize those organizations to segment CUI as much as possible, but federal agencies can require segmentation because the originating agency is held responsible for the data.


