Glossary of Compliance


NIST 800-172

NIST Special Publication 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations, is an extension of the existing NIST SP 800-171. The current version focuses specifically on sensitive but unclassified information handled by organizations on behalf of the federal government, and puts forward additional security requirements and practices for protecting it.

The main features of NIST 800-172 are:

  1. Additional Requirements for Safety: The publication offers enhanced controls that are grouped into 14 categories:
  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity
  2. Proactive Controls: Under NIST 800-172, proactive controls include threat hunting, encryption, and continuous monitoring, all of which help address future risks.
  3. Implementation Guidance: The publication details customised security requirements based on the varying risk levels of CUI. In doing so, it also leaves room for adoption.

NIST SP 800-172 aims to help bolster the cybersecurity posture of nonfederal systems. The publication applies to critical infrastructure sectors where preventing unauthorized access and disclosure, as well as other advanced persistent threats, is crucial.
