When non-federal systems handle CUI under a contract, which security guideline is referenced?

Study for the DOD Instruction 5200.48 Controlled Unclassified Information (CUI) exam. Prepare with flashcards and multiple choice questions, each with detailed hints and explanations. Ensure success on your test day!

Multiple Choice

When non-federal systems handle CUI under a contract, which security guideline is referenced?

Explanation:
When non-federal systems under contract with a federal agency handle CUI, the applicable guideline is the NIST publication specifically tailored for non-federal environments. NIST SP 800-171 provides the security requirements to protect CUI in information systems and organizations outside the federal civilian and defense spheres, and it is the standard invoked when a contract requires safeguarding CUI. While NIST SP 800-53 serves as the broader set of security controls for federal information systems, it isn’t the default baseline for non-federal contractors unless a contract explicitly calls for it. ISO/IEC 27001 and CIS Controls are important security frameworks, but they are not the contract-referenced standard for CUI protection in this context. Therefore, when the contract establishes it, NIST SP 800-171 is the guideline referenced.

