EDUCAUSE Comments: NIST Controlled Unclassified Information Guidelines

Published:: Tuesday, May 19, 2015
: Government Documents, Laws, Letters, Testimonies or Reports

Author(s) and Contributors:

Source(s) and Collection(s):: Sources(s): EDUCAUSE Policy Office

ParentTopics:: Data Administration and Management Data Security Policy and Law

Abstract

In late 2014, the National Institute of Standards and Technology (NIST) released an initial public draft of a new set of guidelines for federal agencies to follow in securing sensitive unclassified federal information residing in non-federal systems. An example of this would be when a federal research grant leads to a university information system holding data that, while not classified, is still subject to government controls on its further dissemination due to security, technological, or economic implications.

In active consultation and collaboration with our member-led Higher Education Information Security Council (HEISC), EDUCAUSE submitted comments on both the initial draft report, NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, as well as on the final public draft released in April 2015. Among other requests, EDUCAUSE asked NIST to clarify a number of proposed CUI requirements and how those would relate to other applicable laws and regulations. EDUCAUSE also requested that NIST further highlight the document’s guidance on the flexibility that colleges and universities have in addressing CUI requirements.

Download Resources

Download PDF
Jan 15, 2015 Letter to NIST
Download PDF
Final Public Draft
Download PDF
Publication Inititial Draft
Download PDF
May 12, 2015 Letter to NIST