March 06, 2019 Feature

Privacy and CUI: Today’s Federal Efforts Are Not Adequate to Respect Citizen Interests

By Robert Metzger

Federal regulations require departments and agencies to protect the confidentiality, integrity, and availability of information types known as “Controlled Unclassified Information” (CUI).1 Safeguarding requirements are specified in the Federal Information Security Modernization Act (FISMA) of 2014.2 The Department of Defense (DoD) requires its suppliers, at all tiers, to protect the confidentiality of “Covered Defense Information” (CDI), which includes all CUI categories. The National Institute of Standards and Technology (NIST) is the source of controls and enhancements used to protect CUI on federal information systems. NIST Special Publication (SP) 800-53 is the reference document for federal departments and agencies. A less rigorous set of safeguards, NIST SP 800-171, must be followed by those commercial organizations, including DoD suppliers, that are contractually obligated to protect CDI.
