NIST Finalizes Enhanced Security Requirements for Combating Advanced Cyber Threats
Client Alert | 1 min read | 02.09.21
The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with critical programs and high value assets from sophisticated adversaries referred to as advanced persistent threats (APTs).
Although expected to impact relatively few contractors, where applicable, agencies may include select enhanced security requirements from 800-172 in their contract provisions. The Department of Defense (DoD) has also incorporated several of the requirements identified in prior drafts of 800-172 into maturity levels 4 and 5 of the Cybersecurity Maturity Model Certification (CMMC).
Contacts
Partner, Crowell Global Advisors Senior Director
Insights
Client Alert | 6 min read | 09.11.25
U.S. Department of Commerce Partially Relaxes Export Controls on Syria
On August 28, the U.S. Department of Commerce Bureau of Industry and Security (BIS) published a final rule that modifies the Export Administration Regulations (EAR) to reduce the number of export control restrictions on Syria, in alignment with Executive Order 14312, Providing For The Revocation of Syria Sanctions. The key adjustments made by this rule include the addition of new or expanded license exception eligibility for exports and reexports to Syria (which significantly broadens the number of items that can be exported or reexported to Syria) and the adoption of more permissive license review policies for exports and reexports to Syria.
Client Alert | 9 min read | 09.11.25
Client Alert | 1 min read | 09.10.25
Client Alert | 7 min read | 09.10.25
