Part 3 - Introduction to Material

00:04

All right, let's go ahead and get started. So we're gonna start off with the main one and go over just a little bit of preliminary information about 1 71 So, like we said, this comes to us from the National Institute of Standards and Technologies. It's a special publication 800-171

00:22

And in this section, we're gonna talk about what is C u Y. Which stands for controlled

00:28

but unclassified information. Then we're gonna talk about what Missed special publication 800-1 71 is and why we needed. And then we'll have a very high level move on to talking about the requirements.

00:43

All right, so what is C U I again? It is con controlled, but unclassified information. If you're remember a while back. S B u ah was very popular, sensitive, but unclassified information there were sort of various categories underneath that heading

01:00

so down. See why has replaced all of those elements of sensitive but unclassified. And ultimately, what it's gonna do is it's gonna deal with information that still has the need to be controlled, needs to be protected. We need to control how that information is disseminated,

01:19

making sure that it's in compliance with regulations and laws and any sort of policies along those lines.

01:26

Ultimately, it's going to be information that's in the best interest of the government to be protected, though it's not classified. So that's what See you, I is. It very much goes hand in hand with what used to be sensitive but unclassified information as you. And ultimately it's information the federal government

01:45

believe should be protected,

01:47

though not classified. Well, then, what is? Miss Special Publication 800-1 71 tells us how to safeguard that information. Okay, so ultimately, this focuses on protecting the confidentiality of see why

02:01

so when see why is resident in non federal information systems in organizations

02:07

so information still relevant to the government?

02:10

Those not specifically though, information that's not specifically house on a federal system.

02:19

Ah, when the information with see why resides eyes not operated by contractor. So again, really, this element of outside the federal agency, including contractors working for the federal agency and also in elements, were there no

02:35

specific requirements

02:37

that dictate how the information is safeguarded. So this is kind of the standard approach that we would take to protect that type of information.

02:46

All right, Why do we need it? Well, we have to figure out again how to provide for confidentiality of this information. So we're gonna talk about, you know, this is going to drive how developers produce the software,

03:01

how they implement security within the stages of the life cycle, how they designed in security.

03:07

It'll help project managers and program managers with their approach individuals that have toe act was it that are responsible for acquisition of certain systems or that are responsible for procurement, outsourcing,

03:23

um, individuals with information system or security or risk management responsibilities, which really, in a lot of ways,

03:31

cover so many of us. It's gonna help us provide and understand the guidelines.