-
Purpose
NIST 800-172 provides enhanced security requirements for the protection of controlled unclassified information (CUI) on nonfederal systems that are related to critical programs or high value assets.
-
Relationship to NIST 800-171
NIST 800-172's enhanced security requirements supplement NIST 800-171's security requirements, and should be implemented in addition to NIST 800-171's security requirements.
-
Advanced Persistant Threat
NIST 800-172's enhanced security requirements are meant to counter advanced persistent threats (APTs). An APT is an adversary that possesses sophisticated levels of expertise and significant resources (such as a nation state).
-
Protection Strategies
NIST 800-172 defines three protection areas: (1) penetration-resistant architecture, (2) damage-limiting operations, and (3) designing for cyber resiliency and survivability.
-
Adversary Effects
NIST 800-172's enhanced security requirements map to effects on the adversary's ability to disrupt and compromise. The five high level effects are: redirect, preclude, impede, limit, and expose. There are fifteen additional classes of effects, including deceive, preempt, contain, and reveal.
-
Organization-defined Parameter Values
Organization-defined parameter values prompt the organization to define values that are contained in the requirement text, such as defining the frequency of a security review.
NIST 800-172A
Learn about NIST 800-172A and explore its assessment procedures.
CMMC 2.1
Learn about the CMMC and explore its requirements.
What is the purpose of NIST 800-172?
NIST 800-172 provides enhanced security requirements for CUI on nonfederal systems that are related to critical programs or high value assets. The requirements are meant to counter advanced persistent threats (APTs).
How is NIST 800-172 related to CMMC?
How many controls does NIST 800-172 have?
Where did the NIST 800-172 controls come from?
Where can I find a list of the NIST 800-172 controls?
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!