1. Home
  2. |Insights
  3. |NIST Finalizes Enhanced Security Requirements for Combating Advanced Cyber Threats

NIST Finalizes Enhanced Security Requirements for Combating Advanced Cyber Threats

Client Alert | 1 min read | 02.09.21

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with critical programs and high value assets from sophisticated adversaries referred to as advanced persistent threats (APTs).

Although expected to impact relatively few contractors, where applicable, agencies may include select enhanced security requirements from 800-172 in their contract provisions. The Department of Defense (DoD) has also incorporated several of the requirements identified in prior drafts of 800-172 into maturity levels 4 and 5 of the Cybersecurity Maturity Model Certification (CMMC).

Contacts

Insights

Client Alert | 2 min read | 07.31.25

A Greater Sum of Certainty: ASBCA Weighs in on when Sum Certain Defense Is Not Waived

A recent Armed Services Board of Contract Appeals decision provides useful guidance on when the government may (or may not) waive its defense that a contractor’s claim failed to state a sum certain. In GE Renewables US, LLC, the contractor had submitted a claim to the contracting officer for a determination that the contractor had the right to an economic price adjustment (EPA) due to an inflation-related price increase. Notably, the contractor did not provide the value of its requested adjustment in its claim. The contracting officer denied the claim, and the contractor appealed to the Board....

View All Insights