NIST SP 800-171/172 and CMMC

Almost everyone agrees on the importance of protecting sensitive but unclassified information. But not everyone agrees on the same approach to solve the problem. Agencies are provided with many directives and deadlines about how to protect their systems and the data within them. NIST is a source of some of the most important.


Victoria Yan Pillitteri, Manager, Security Engineering and Risk Management Group, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology