After more than a year of development, revision 3 of SP 800-171 and 171A are officially done. This week we're joined by Dr. Ron Ross to discuss what NIST learned from public comments, why NIST decided to add 19 new requirements, the thought process behind “ORC” controls, and what the future holds for the CUI series, rulemaking, and the SP 800-53 catalog.
Episode Links:
171r3 overview: https://youtu.be/TAzYQjLfPY0?si=TTP49MujwB3Obchl
171r3 overview blog: https://www.summit7.us/blog/nist-800-171-revision-3
Dr. Ross on the 171r3 final draft: https://youtu.be/IMms3dlPUGo?si=8Wd3p0At4BUhMkCq
NIST deep dive with Dr. Ross: https://youtu.be/vAPFmga_NtI?si=9_n5kXvTUYPcmUys
Scott Goodwin at CS2 Boston: https://youtu.be/LFfbDpZRM_M?si=yVcd4BxiwpNPzdRO