Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (Final Public Draft)

Date Published: July 2020
Comments Due: August 21, 2020
Email Comments to: sec-cert@nist.gov

Planning Note (7/6/2020): We encourage reviewers to use the comment template for organizing and submitting comments.


Ron Ross (NIST), Victoria Pillitteri (NIST), Gary Guissanie (IDA), Ryan Wagner (IDA), Richard Graubart (MITRE), Deborah Bodeau (MITRE)


Draft NIST Special Publication (SP) 800-172 (formerly Draft NIST SP 800-171B) provides enhanced security requirements to help protect the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI) associated with critical programs or high value assets in nonfederal systems and organizations from the advanced persistent threat (APT). The APT is an adversary that possesses sophisticated levels of expertise and significant resources that allow it to create opportunities to achieve its objectives by using both cyber and physical attack vectors. The objectives include establishing and extending footholds within the infrastructure of the targeted organizations for the purposes of exfiltrating information; undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The APT pursues its objectives repeatedly over an extended period, adapts to defenders’ efforts to resist it, and is determined to maintain the level of interaction needed to execute its objectives.

Continue reading at https://csrc.nist.gov/publications/detail/sp/800-172/draft