The program office behind the Pentagon's cyber certification program and civilian agencies are identifying issues over the use of "organization-defined parameters" in the latest draft update to NIST Special Publication 800-171, a foundational document on the handling of controlled unclassified information. “The use of ODPs while providing flexibility for Federal organizations that choose to establish non-standard formulations for use in their specific contracts ultimately renders the 171r3 neither a standard nor scalable. Scalability is crucial to implementation of these requirements...