NIST finalizes updated guidelines for protecting sensitive information

May 31

Contractors and other organizations that do business with the federal government now have clearer, more straightforward guidance for protecting the sensitive data they handle.

The National Institute of Standards and Technology (NIST) has finalized its updated guidelines for protecting this data, known as controlled unclassified information (CUI), in two publications: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171, Revision 3), and its companion, Assessing Security Requirements for Controlled Unclassified Information (NIST SP 800-171A, Revision 3).

These guidelines require organizations to safeguard CUI such as intellectual property and employee health information. Systems that process, store and transmit CUI often support government programs involving critical assets, such as weapons systems and communications systems, which are potential targets for adversaries.

The two publications draw on NIST’s source catalog of security and privacy controls (NIST SP 800-53) and assessment procedures (NIST SP 800-53A). Before this update, the wording of these documents did not match the language of the source catalogs, potentially creating ambiguity in the security requirements and uncertainty in security requirement assessments. The update is designed to address these issues and also streamline and harmonize NIST’s portfolio of cybersecurity guidance.

(Source: NIST)

NIST releases draft Interagency Report 8498 “Cybersecurity for Smart Inverters” for public comment

On May 10, NIST's National Cybersecurity Center of Excellence (NCCoE) released the initial public draft of NIST Interagency Report (NIST IR) 8498, Cybersecurity for Smart Inverters: Guidelines for Residential and Light Commercial Solar Energy Systems, for public comment.

The use of small-scale solar energy systems to generate electricity continues to increase. Smart inverters provide two critical functions to a small-scale solar energy system: they convert the direct current (DC) produced by solar panels to the alternating current (AC) used in homes and businesses, and they manage the flow of excess energy to the local electric grid.

This report provides practical cybersecurity guidelines for small-scale solar inverter implementations typically used in homes and small businesses. The report also presents recommendations to smart inverter manufacturers to improve the cybersecurity capabilities in their products.

The public comment period is open through June 10, 2024. See the publication details for a copy of the draft and instructions for submitting comments.

(Source: NIST)