Tech

Guidance released for contractors storing sensitive data

The final guidance comes after NIST and the National Archives took public comment on two earlier drafts.

June 22, 2015

National Archives (NARA/Flickr)

The National Institute of Standards and Technology has released final guidelines for contractors safeguarding sensitive, but unclassified, federal information.

The guidance involves what’s called controlled unclassified information, or CUI. Contractors use this data to perform scientific research, conduct background checks, develop technology and accomplish a range of other functions for the government. The guidance would apply to other nonfederal government entities that use CUIs, like universities, state governments and research organizations.

In 2010, the White House issued an executive order establishing a CUI program and charged the National Archives and Records Administration with managing it. NIST worked with the National Archives to develop the guidelines, which apply to all parts of nonfederal IT systems “that process, store or transmit CUI, or provide security protection for those components,” according to a release.

The guidelines come after NIST and the National Archives released two drafts for public comment in April and November. Currently, they aren’t mandatory and must be applied through a contract or regulation, John Fitzpatrick, director of the National Archives’ Information Security Oversight Office, wrote in an email.

Meanwhile, NIST and the National Archives are working on a CUI rule for federal agencies. Fitzpatrick said that’s a critical piece for his office as it plans to propose a standard federal acquisition regulation clause for agencies to use when they have contracts involving CUI.

“[P]rocedurally, we are not permitted to propose a [Federal Acquisition Regulation] rule for contractors until after we have a final regulation, which applies to agencies,” he said.

Guidance released for contractors storing sensitive data

More Like This

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

CISA emergency directive tells agencies to fix credentials after Microsoft breach

Commerce adds five members to AI Safety Institute leadership

Top Stories

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Commerce requests information about AI, open data assets, data dissemination

Kiran Ahuja to step down as OPM director

ICE pursuing privacy approvals related to controversial phone location data

More Scoops

Raimondo announces picks for U.S. AI Safety Institute’s director, CTO

IRS changes public password policies to match NIST guidance

Leading AI-focused congressman on legislative prospects for the tech and the risks it presents

Labor Department CISO ‘somewhat disappointed’ by lack of appropriations to fund cyber modernization efforts

Experts warn of ‘contradictions’ in Biden administration’s top AI policy documents

NIST issues new draft guidance on handling sensitive information

New rule could impose CMMC-like cyber requirements for civilian agency contractors

Latest Podcasts

Guidance released for contractors storing sensitive data

Google’s Chris Hein on how AI is changing how citizens relate to government

OPM’s tech-friendly director steps down

World Bank’s Partha Perumbali and Aretec’s Waqas Haq on AI-powered search

Tech

Defense

Cyber

Acquisition