Summary
NIST is seeking comments on Draft NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171. This is a final public draft.
The public comment period ends on August 21, 2020. See the publication details for a copy of the document and instructions on submitting comments.
Details
Draft NIST Special Publication (SP) 800-172 (formerly Draft NIST SP 80-171B) provides an enhanced security requirements to help protect the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI) associated with critical programs or high value assets in nonfederal systems and organizations from the advanced persistent threat (APT). The APT is an adversary that possesses sophisticated levels of expertise and significant resources that allow it to create opportunities to achieve its objectives by using both cyber and physical attack vectors. The objectives include establishing and extending footholds within the infrastructure of the targeted organizations for the purposes of exfiltrating information; undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The APT pursues its objectives repeatedly over an extended period, adapts to defenders’ efforts to resist it, and is determined to maintain the level of interaction needed to execute its objectives.
The enhanced security requirements provide the foundation for a new multidimensional, defense-in-depth protection strategy through (1) penetration-resistant architecture, (2) damage-limiting operations, and (3) designing for cyber resiliency and survivability that support and reinforce one another while providing resiliency against the APT. This strategy recognizes that despite the best protection measures implemented by organizations, the APT may find ways to brea ..
Support the originator by clicking the read the rest link below.
