A Training Session on Implementing CUI

ATTN:  THIS EVENT IS NOW FULL

 

On Thursday the 29th of August from 1-3, the CUI Program office will host a in person training session on the implementation of the CUI program.  The training will include a brief background of the program, an update on the status of implementation, and a program elements overview.

The training will be held in the Washington Room at the National Archives building, 701 Constitution Ave NW (please use the special events entrance). We are not offering a call in number for this session.

This event is open to the first 55 people who RSVP to cui@nara.gov and it is intended for those who are supporting or developing a CUI program at their agency or organization.

FY 2018 ISOO Annual Report Release

The Information Security Oversight Office (ISOO) released its Fiscal Year (FY) 2018 Annual Report to the President today and posted it here.  In his Letter to the President, ISOO Director Mark A. Bradley highlighted the challenges the Government faces in trying to safeguard and manage petabytes of electronic data using antiquated systems meant for paper. He also stressed the need for the Government to modernize its information security and information management policies, and to adopt a technology and investment strategy to accomplish it.

The report featured both an update on ISOO’s efforts to implement recommendations from its FY 2017 Annual Report to the President and a high-level assessment of the various programs in ISOO’s portfolio, including the Controlled Unclassified Information (CUI) Program.  The first page of the FY 2018 report is dedicated to an evaluation of agency CUI implementation efforts and ISOO’s work supporting implementation. The report noted that agencies have made significant progress since last year, but work remains to be done.

Specifically, many agencies still have not submitted CUI budget estimates to the Office of Management and Budget (OMB). To aid agencies, ISOO worked with OMB to modify section 31.15 of Circular A-11, Preparation, Submission, and Execution of the Budget. This guidance now includes details meant to inform what agencies need to include in submitting their CUI implementation budget estimates: hiring staff to implement and manage the program; developing and deploying automated marking tools; and creating training programs for agency staff. ISOO also worked with the Departments of Homeland Security and Defense, the National Aeronautical and Space Administration, and the General Services Administration to draft standard safeguarding requirements for inclusion in a Federal Acquisition Regulation (FAR). ISOO and its partners hope to finalize these requirements in FY 2019 so it is ready for use by agencies.

We hope you take time to read both the Director’s Letter to the President as well as the full report.

CUI Program Update to Stakeholders

 

The next CUI Program update to Stakeholders will be held on

               November 13 from 1-3.

The following information that will be discussed:

Topics include:

  • A brief overview of the CUI program;
  • An update on agency implementation efforts;
  • The status and plans for a CUI Federal Acquisition Regulation Rule;
  • CUI Training session that will be held on August 29 from 1-3;
  • Time for Questions and Answers.

Hosted by: Devin Casey and Charlene Wallace

The phone in information will be posted in the upcoming weeks.

A Training Session on Implementing CUI

On Thursday the 29th of August from 1-3, the CUI Program office will host a in person training session on the implementation of the CUI program.  The training will include a brief background of the program, an update on the status of implementation, and a program elements overview.

The training will be held in the Washington Room at the National Archives building, 701 Constitution Ave NW (please use the special events entrance). We are not offering a call in number for this session.

This event is open to the first 55 people who RSVP to cui@nara.gov and it is intended for those who are supporting or developing a CUI program at their agency or organization.

 

CUI Program Update to Stakeholders

EDIT: Slides for this briefing can be found here CUI Stakeholders Briefing 20190717

The Next CUI Program Update to Stakeholders is scheduled for July, 17 (1pm-3pm Eastern).

The briefing will be broken up into two parts:

  1. Update on CUI implementation.
  2. Q&A.

The conference begins at 1:00 PM Eastern Time on July 17, 2019; you may join the conference 10 minutes prior.

Step 1: Dial into the conference.
Dial-in: 1-877-369-5243 or 1-617-668-3633
Access Code: 0645584##
Need an international dial-in number?

Step 2: Join the conference on your computer.
Entry Link: http://ems8.intellor.com/login/813264

When you access the entry link above, you will be provided a choice – to install the WebEx plug-in for your preferred browser or to join the web conference using a temporary path. Either option is acceptable.

Need technical assistance? Call the AT&T Help Desk at 1-888-796-6118 or 1-847-562-7015.

Protecting Controlled Unclassified Information: Comment on Draft NIST SP 800-171 Rev. 2 and Draft NIST SP 800-171B (comment period ends July 19, 2019)

https://csrc.nist.gov/News/2019/draft-sp-800-171-rev-2-and-sp-800-171b

NIST is seeking comments on Draft NIST Special Publication (SP) 800-171 Revision 2Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and Draft NIST SP 800-171BProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets.

The public comment period for both publications ends on July 19, 2019. See the publication details for SP 800-171 Rev. 2 and SP 800-171B for document files and instructions on submitting comments.

Details

Draft NIST SP 800-171 Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices. There are no changes to the basic and derived security requirements in Chapter Three. For ease of use, the Discussion sections, previously located in Appendix F (SP 800-171 Revision 1), have been relocated to Chapter Three to coincide with the basic and derived security requirements.

Draft NIST SP 800-171BProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets, was developed in the spring of 2019 as a supplement to NIST SP 800-171. This new document offers additional recommendations for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations where that information runs a higher-than-usual risk of exposure. When CUI is part of a critical program or a high value asset (HVA), it can become a significant target for high-end, sophisticated adversaries (i.e., the advanced persistent threat (APT)). In recent years, these critical programs and HVAs have been subjected to an ongoing barrage of serious cyberattacks, prompting the Department of Defense to request additional guidance from NIST.

The enhanced security requirements are to be implemented in addition to the basic and derived requirements in NIST SP 800-171, since the basic and derived requirements are not designed to address the APT. The enhanced security requirements apply only to components of nonfederal systems that process, store, or transmit CUI or that provide protection for such components when the designated CUI is contained in a critical program or HVA. The enhanced security requirements are only applicable for a nonfederal system or organization when mandated by a federal agency in a contract, grant, or other agreement.

2nd Industry Day Update

Industry clapart

 

June 21, 2019

10:00 a.m. – 2:00 p.m.

McGowan Theater + Presidential Conference rooms

National Archives Museum

701 Constitution Ave. NW

Washington, DC  20408

This event is FREE to all vendors and attendees!

ISOO is hosting it’s 2nd Industry Day for the Executive Branch entities or other stakeholders (i.e., Agencies, Industry, Non-federal Organizations) to learn about products and services that have been developed for the CUI Program.

The day will begin in the McGowan Theater at 10:00 a.m. with a brief presentation.  The presentation will give an update on the status of the CUI Program implementation, a quick CUI program overview, an update on the FAR (Federal Acquisitions Regulation), what CUI resources are offered, when we will be holding the next Stakeholders webex, and information about our CUI Blog.  Then we will convene to the Presidential conference rooms.

Below is a list of vendors that will have a booth at this event.

WE STILL HAVE 2 BOOTHS AVAILABLE 

     

OOAC   –   TITUS   –   CORE BUSINESS SOLUTIONS, INC. –

SYSARC   –    SERABRYNN   –   SEM   –   INFUSIONPOINTS,  LLC   –   DELOITTE   –   

ACTIVE NAVIGATION   –    COALFIRE   –   IVIS TECHNOLOGIES   –   

SECRESTRUX LLC   –   PKH ENTERPRISES   –   BRMI   –   ACVITS   –

SABINE SOLUTIONS INCORPORATED & ASSURED BRIDGE INCORPORATED    –

       PROTIVITI GOVERNMENT SERVICES   –  FEDERAL RECORDS CENTERS – 

INSIDER THREAT DEFENSE GROUP   –  171 COMPLY   –   

CENTER FOR DEVELOPMENT OF SECURITY EXCELLENCE

                                                         

 

 

 

 

 

 

 

 

 

 

Industry Day Reminder

 

Industry clapart

Industry Day

June 21, 2019

10:00 a.m. – 2:00 p.m.

McGowan Theater + Presidential Conference rooms

National Archives Museum

701 Constitution Ave. NW

Washington, DC  20408

ISOO is hosting our 2nd Industry Day for Executive Branch entities or other stakeholders (i.e., Agencies, Industry, Nonfederal Organizations) to learn about products and services that have been developed for the CUI Program.  If you would like to learn more about the CUI program prior to attending Please be sure to visit the CUI training page at: https://www.archives.gov/cui/traing.html

This event is FREE to all vendors and attendees.

If you are interested in attending please RSVP to CUI@NARA.GOV

If you are interested in a booth, please submit this form to CUI@NARA.GOV

Industry Day Reminder

 

Industry clapart

Industry Day

June 21, 2019

10:00 a.m. – 2:00 p.m.

McGowan Theater + Presidential Conference rooms

National Archives Museum

701 Constitution Ave. NW

Washington, DC  20408

ISOO is hosting our 2nd Industry Day for Executive Branch entities or other stakeholders (i.e., Agencies, Industry, Nonfederal Organizations) to learn about products and services that have been developed for the CUI Program.  If you would like to learn more about the CUI program prior to attending Please be sure to visit the CUI training page at: https://www.archives.gov/cui/training.html

This event is FREE to all vendors and attendees.

If you are interested in attending please RSVP to CUI@NARA.GOV

If you are interested in a booth, please submit this form to CUI@NARA.GOV

WE STILL HAVE BOOTHS AVAILABLE FOR VENDORS!

(Booths will be assigned on a first come, first serve basis)