NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time

NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171. Yet it goes a step further to protect controlled unclassified information (CUI) specifically from APTs.

According to Scott Goodwin, IT audit and security supervisor with OCD Tech and Tripwire guest blog contributor, the latest NIST guidance “…introduces 33 enhanced security requirements designed to help protect DoD contractors (specifically, their high-value-assets and critical programs including CUI) from modern attack tactics and techniques related to Advanced Persistent Threats (APTs). These sophisticated attacks are most often executed by nation-state-backed cyber-criminals whose goal is to steal data relevant to national security.”

As witnessed in the SolarWinds Orion attack and other recent incidents, threats that go undetected can be the most damaging to both private and public sector environments. As an entity supported by thousands of non-federal service providers, the government has to make certain that CUI stored by commercial partners is protected.

This was the government’s intent for NIST’s original SP 800-171: nonfederal entities supporting government business would not only have guidance for securing CUI but would also have a solid framework for complying with requirements such as the DoD’s DFARS clause 252.204-7012. If companies want to continue doing ..
