The program office behind the Pentagon's cyber certification program and civilian agencies are identifying issues over the use of "organization-defined parameters" in the latest draft update to NIST Special Publication 800-171, a foundational document on the handling of controlled unclassified information.