Yesterday the OMB’s Office of Information and Regulatory
Affairs (OIRA) announced
that it had approved the final rule from the National Archives and Records
Administration (NARA) concerning the administration of the various Federal
Controlled Unclassified Information (CUI) programs. The final rule was
submitted to OIRA back in October of last year. The notice of proposed
rulemaking (NPRM) was
published in May, 2015 and I did a series
of blog posts on the provisions of that NPRM.
This rulemaking is mainly targeted at protecting CUI on
government and contractor IT systems. It is expected that it will require the
implementation of NIST
SP 800-171, Protecting Controlled Unclassified Information in Nonfederal
Information Systems and Organizations, as the IT security standard for contractors
and other non-government organization that are required to protect CUI.
Readers of this blog will be interested in this rule making
because of its potential effects on the following CUI programs:
Protected
Critical Infrastructure Information (PCII); and
I expect that the final rule will be published in the
Federal Register later this week.
NOTE: Corrected SSI program link - 08-10-16 21:30 EDT
NOTE: Corrected SSI program link - 08-10-16 21:30 EDT
Posts
No comments:
Post a Comment