NIST Finalizes Enhanced Security Requirements for Combating Advanced Cyber Threats
Client Alert | 1 min read | 02.09.21
The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with critical programs and high value assets from sophisticated adversaries referred to as advanced persistent threats (APTs).
Although expected to impact relatively few contractors, where applicable, agencies may include select enhanced security requirements from 800-172 in their contract provisions. The Department of Defense (DoD) has also incorporated several of the requirements identified in prior drafts of 800-172 into maturity levels 4 and 5 of the Cybersecurity Maturity Model Certification (CMMC).
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 5 min read | 03.30.26
The EU Pharma Package: The Transferable Exclusivity Voucher Compromise Proposal
In our third alert in this EU Pharma Package Series, we provided a detailed overview of the diverging positions of the European Commission, the European Parliament , and the Council of the European Union on the transferable exclusivity voucher (TEV) for priority antimicrobials.
Client Alert | 2 min read | 03.27.26
CMS Releases PY 2020 RADV Audit Methods and Instructions: Key Takeaways for Health Plans
Client Alert | 4 min read | 03.25.26
NAIC Intensifies AI Regulatory Focus: What Health Insurance Payors Need to Know
Client Alert | 11 min read | 03.25.26
White House National AI Policy Framework Calls for Preempting State Laws, Protecting Children
