DFARs 252.204-7012 & NIST 800-171 Foundations Course

- CUI supports federal missions and business functions that affect the economic and national security interests of the United States.
- colleges, universities,
- state, local and tribal governments,
- federal contractors and subcontractors often process, store, or transmit CUI.
NIST Special Publication 800-171 defines the security requirements for protecting CUI in non-federal information systems and organizations.
- Requirements are organized into fourteen families.
- Each family contains the requirements related to the general security topic of the family.
- In addition the Contractor shall include the clause in subcontracts for which performance will involve Covered Defense Information (CDI) or Operationally Critical Support (OCS).
- CDI is used to describe information that requires protection under DFARs Clause 252.204-7012.
- It is defined as unclassified Controlled Technical Information (CTI) or other information as described in the CUI Registry.
(http://www.archives.gov/cui/registry/category-list.html)
- CTI & CUI requires safeguarding/dissemination controls AND IS EITHER marked or otherwise identified in the contract and provided to the contractor by DoD in support of performance of the contract;
- OR the CDI is collected, developed, received, transmitted, used or stored by the contractor in performance of contract.