Our associations remain concerned about the implications of the compliance requirements for protecting Controlled Unclassified Information (CUI) in non-Federal information systems such as those operated by our member institutions. While we fully agree with the importance of protecting information, we have worked closely with NIST and NARA to try to ensure that the NIST SP 800-171 security requirements can be implemented in a manner that will minimize the burdens on our institutions. Some of our associations previously submitted comments which the agencies took into account in developing their final requirements and rule on CUI.