Glossary of Compliance



NIST 800-172

NIST Special Publication 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations, is an extension of the existing NIST SP 800-171. The current version focuses specifically on sensitive but unclassified information handled by organizations on behalf of the federal government, and sets out additional security requirements and practices for protecting it.

The main features of NIST 800-172 are:

  1. Additional Security Requirements: The publication offers enhanced controls, grouped into 14 control families:
  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity
  2. Proactive Controls: Under NIST 800-172, proactive controls include threat hunting, encryption and continuous monitoring, all of which help an organization anticipate and counter future risks rather than only react to them.
  3. Implementation Guidance: The publication details customised security requirements based on the varying risk levels of CUI, which leaves room for organizations to tailor their adoption to the sensitivity of the information they handle.

NIST SP 800-172 aims to help bolster the cybersecurity posture of non-federal systems. The publication applies in particular to critical-infrastructure sectors, where preventing unauthorized access and disclosure, as well as defending against advanced persistent threats, is crucial.
