NIST Enhances Final Draft of NIST SP 800-172, Enhanced Security Requirements
Client Alert | 1 min read | 07.08.20
The National Institute of Standards and Technology (NIST) recently released the final public draft of NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B. Building on the security requirements in NIST SP 800-171, the applicable standard under DFARS 252.204-7012, 800-172 provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI) associated with critical programs or high value assets from the risks posed by advanced persistent threats (APTs).
Unlike prior drafts, 800-172 incorporates the protection strategy and desired effects on the adversary directly into the implementation guidance for each control. The Department of Defense (DoD) expects 800-172 to impact fewer than one percent of defense contractors. However, numerous requirements from Draft 800-171B were incorporated into the Cybersecurity Maturity Model Certification (CMMC) Levels 4 and 5, likely giving commenters the opportunity to affect future CMMC revisions.
Comments for the final public draft are due August 21, 2020.
Insights
Client Alert | 3 min read | 04.23.25
Auto Dealers: Buckle-Up Enhanced State-Level Enforcement Ahead
The Fifth Circuit vacated the FTC’s Combatting Auto Retail Scams (CARS) Rule in January of this year, finding that the FTC failed to follow the correct administrative procedures when it promulgated the regulation.
Client Alert | 2 min read | 04.23.25
Client Alert | 11 min read | 04.23.25
Client Alert | 4 min read | 04.23.25