FB pixel

NIST adds flexibility, digital format to security requirements for federal contractors

NIST adds flexibility, digital format to security requirements for federal contractors
 

The U.S. National Institute of Standards and Technology has updated its guidance for how businesses working with the federal government should protect sensitive data with biometrics and other digital technologies.

NIST issued the new “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” (NIST Special Publication 800-171, Revision 3), and companion document “Assessing Security Requirements for Controlled Unclassified Information” (NIST SP 800-171A, Revision 3) based on its source catalog of security and privacy controls, as outlined in SP 800-53 and SP 800-53A, according to an announcement.

The controls laid out over the 120 pages of SP 800-171 address comprehensive security requirements for federal contractors, from access control to awareness and training, risk assessment to maintenance and incident response. Biometrics are not necessarily required, but are noted among possible technologies for use in identification and authentication, particularly for multi-factor authentication, in authenticator management and physical access control.

SP 800-171r3 updates the guidance for consistency with SP 800-53r5. It provides restructured security requirements to match the controls specified in SP 800-53r5, introduces organization-defined parameters (ODPs), streamlined criteria for tailoring, and recategorized controls based on those criteria. SP 800-171Ar3 adjusts the terminology for assessment procedures to line with the security and privacy controls and builds in ODPs. An FAQ explains that the purpose of ODPs is “to provide flexibility to federal agencies in tailoring controls to support specific organizational missions or business functions and to manage risk.”

The safeguards are now available in machine-readable formats like JSON and Excel through NIST’s Cybersecurity and Privacy Reference Tool.

“Toolmakers often want to import relevant sections of the guidance directly into an electronic form for easier reference and use,” says NIST’s Ron Ross, one of the authors of the revised document. “Providing the guidance in these additional formats will allow them to do that. It will help a wider group of users to understand the requirements and implement them more quickly and efficiently.”

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biden executive order prioritizes privacy-preserving digital ID, mDLs

In one of his last official acts as President, Joe Biden on Thursday issued a robust new executive order (EO)…

 

Problem with police use of facial recognition isn’t with the biometrics

A major investigation by the Washington Post has revealed that police in the U.S. regularly use facial recognition as the…

 

Sri Lanka considers another tender to solve passport crisis

Sri Lanka’s government is likely to open another tender for e-passports after a legal dispute caused a backlog of thousands…

 

Age assurance gets warm early response from U.S. Supreme Court

The U.S. Supreme Court appears to be leaning toward support for Texas’ age assurance law, as it weighs a host…

 

State of passkeys 2025: passkeys move to mainstream

More than 1 billion people have activated at least one passkey according to the FIDO Alliance – an astonishing number…

 

Ofcom publishes highly anticipated age assurance statement

Ofcom has published its Age Assurance and Children’s Access Statement. The much-anticipated statement includes guidance on “highly effective age assurance”…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events