NIST Enhances Final Draft of NIST SP 800-172, Enhanced Security Requirements
Client Alert | 1 min read | 07.08.20
The National Institute of Standards and Technology (NIST) recently released the final public draft of NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B. Building on the security requirements in NIST SP 800-171, the applicable standard under DFARS 252.204-7012, 800-172 provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI) associated with critical programs or high value assets from the risks posed by advanced persistent threats (APTs).
Unlike prior drafts, 800-172 incorporates the protection strategy and desired effects on the adversary directly into the implementation guidance for each control. The Department of Defense (DoD) expects 800-172 to impact fewer than one percent of defense contractors. However, numerous requirements from Draft 800-171B were incorporated into the Cybersecurity Maturity Model Certification (CMMC) Levels 4 and 5, likely giving commenters the opportunity to affect future CMMC revisions.
Comments for the final public draft are due August 21, 2020.
Contacts
Senior Counsel
She/Her/Hers
Insights
Client Alert | 2 min read | 04.29.25
President Trump Issues Executive Order Deprioritizing Disparate Impact Theory of Discrimination
On April 23, 2025, President Trump signed an executive order, Restoring Equality of Opportunity and Meritocracy, declaring it the policy of the United States “to eliminate the use of disparate-impact liability in all contexts to the maximum degree possible to avoid violating the constitution, Federal civil rights laws, and basic American ideals.” The order reasons that “disparate impact liability all but requires individuals and businesses to consider race and engage in racial balancing to avoid potentially crippling legal liability.”
Client Alert | 6 min read | 04.28.25
Client Alert | 3 min read | 04.28.25
Client Alert | 3 min read | 04.25.25
