Compliance Glossary

NIST Special Publication 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations is an extension of the existing NIST SP 800-171. Current version specifically focus on sensitive but unclassified information dealt by organizations on behalf of the federal government and puts forward additional security requirements and practices pertaining to it.

Main features of NIST 800-172 are:

1. Additional Requirements for Safety: The book offers better controls that are grouped into 14 categories of controls:

• Access Control
• Awareness and Training
• Audit and Accountability
• Configuration Management
• Identification and Authentication
• Incident Response
• Maintenance
• Media Protection
• Personnel Security
• Physical Protection
• Risk Assessment
• Security Assessment
• System and Communications Protection
• System and Information Integrity

2. Proactive Controls: Under NIST 800-172, proactive control includes threat hunting, encryption as well as continuous monitoring all of which will provide a workaround for future risks.
3. Implementation Guidance: Publication details customised security requirements based on the varying risk levels of CUI. In that case, it also leaves room for adoption.

NIST SP 800-172 aims at assisting in bolstering the non-federal systems’ cybersecurity posture. In this case, the developed publication applies to sectors of critical infrastructure where preventing unauthorized access and disclosure as well as other advanced persistent threats is crucial.