NIST Finalizes Enhanced Security Requirements for Combating Advanced Cyber Threats

Client Alert | 1 min read | 02.09.21

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with critical programs and high value assets from sophisticated adversaries referred to as advanced persistent threats (APTs).

Although expected to impact relatively few contractors, where applicable, agencies may include select enhanced security requirements from 800-172 in their contract provisions. The Department of Defense (DoD) has also incorporated several of the requirements identified in prior drafts of 800-172 into maturity levels 4 and 5 of the Cybersecurity Maturity Model Certification (CMMC).

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 4 min read | 12.04.25

District Court Grants Preliminary Injunction Against Seller of Gray Market Snack Food Products

On November 12, 2025, Judge King in the U.S. District Court for the Western District of Washington granted in part Haldiram India Ltd.’s (“Plaintiff” or “Haldiram”) motion for a preliminary injunction against Punjab Trading, Inc. (“Defendant” or “Punjab Trading”), a seller alleged to be importing and distributing gray market snack food products not authorized for sale in the United States. The court found that Haldiram was likely to succeed on the merits of its trademark infringement claim because the products at issue, which were intended for sale in India, were materially different from the versions intended for sale in the U.S., and for this reason were not genuine products when sold in the U.S. Although the court narrowed certain overbroad provisions in the requested order, it ultimately enjoined Punjab Trading from importing, selling, or assisting others in selling the non-genuine Haldiram products in the U.S. market....

Client Alert | 21 min read | 12.04.25
Highlights: CMS’s Proposed Rule for Medicare Part C & D (CY 2027 NPRM)
Client Alert | 5 min read | 12.02.25
CARB Delays Enforcement of California’s Climate-Related Financial Risk Report Law (SB 261) and Issues New Guidance on Climate Disclosure Requirements in SB 261 and SB 253
Client Alert | 11 min read | 12.01.25
EU AI Act, GDPR, and Digital Laws Changes Proposed

View All Insights