Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » NIST » NIST 800-172

NIST 800-172

NIST Special Publication 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations is an extension of the existing NIST SP 800-171. Current version specifically focus on sensitive but unclassified information dealt by organizations on behalf of the federal government and puts forward additional security requirements and practices pertaining to it.

Main features of NIST 800-172 are:

  1. Additional Requirements for Safety: The book offers better controls that are grouped into 14 categories of controls:
  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity
  1. Proactive Controls: Under NIST 800-172, proactive control includes threat hunting, encryption as well as continuous monitoring all of which will provide a workaround for future risks.
  2. Implementation Guidance: Publication details customised security requirements based on the varying risk levels of CUI. In that case, it also leaves room for adoption.

NIST SP 800-172 aims at assisting in bolstering the non-federal systems’ cybersecurity posture. In this case, the developed publication applies to sectors of critical infrastructure where preventing unauthorized access and disclosure as well as other advanced persistent threats is crucial.

Additional reading

Information Assurance vs Cybersecurity: Differences & Similarities

Information assurance and cybersecurity are terms that find their way into every general discussion about data protection. Both disciplines protect information from being misused, destroyed, modified, or lost. However, the two terms have some significant differences that security teams and founders must note. Understanding the nuances of both disciplines is crucial for organizations to build…

SOC 1 vs SOC 2 vs SOC 3 Comparison — Overview & Comparison

SOC 1, SOC 2, and SOC 3 are independent attestation reports that help organizations prove they have reliable security, privacy, and internal controls in place. Although they originate from the same AICPA framework, each report serves a distinct purpose: SOC 1 focuses on financial reporting controls, SOC 2 evaluates security and trust principles, and SOC…

CIS vs. NIST: Which Framework is Right For Your Business? 

Designing and managing security architecture is a multifaceted task, and doing so without proper guidance can be challenging. Thankfully, numerous security frameworks are available to provide direction for your business.  Two primary models in cyber security that are generally recognized internationally are CIS (Center for Internet Security) and NIST (National Institute of Standards and Technology)….

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales