NFO Controls – “What you Should be Doing Anyway”
In August 2015, NIST 800-171 listed 62 Non-Federal Organization or NFO controls as "expected." Think of NFO as the controls you should already have in place. The additional 62 NIST controls marked "NFO," are not part of the "mandatory minimum." The Government expects them to be satisfied as part of your existing security policy. NFO items include controls covering every NIST category from Access Controls to Systems and Information Integrity -- they also include [...]