NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time

5 years ago Steven Tipton
NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says: Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171. Yet it goes a step further, aiming to protect controlled unclassified information (CUI) specifically from APTs.

According to Scott Goodwin, IT audit and security supervisor with OCD Tech and Tripwire guest blog contributor, the latest NIST guidance “…introduces 33 enhanced security requirements designed to help protect DoD contractors (specifically, their high-value-assets and critical programs including CUI) from modern attack tactics and techniques related to Advanced Persistent Threats (APTs). These sophisticated attacks are most often executed by nation-state-backed cyber-criminals whose goal is to steal data relevant to national security.” 

As witnessed in the SolarWinds Orion attack and recent others, threats that go undetected can be the most damaging to both private and public sector environments. As an entity supported by thousands of non-federal service providers, the government has to make certain that CUI stored by commercial partners is protected.

This was the government’s intent for NIST’s original SP 800-171: nonfederal entities supporting government business would not only have guidance for securing CUI but would also have a solid framework for complying with requirements such as the DoD’s DFARS clause 252.204-7012. If companies want to continue doing business with the government, SP 800-171 and now SP 800-172 need to be a top priority for program managers, CIOs, system auditors, etc.

“We developed SP 800-171 in response to major cyberattacks on U.S. critical infrastructure, and its companion document SP 800-172 is designed to mitigate attacks from advanced cyber threats such as the APT,” Ross said. “Implementing the cyber safeguards in SP 800-172 will help system owners protect what state-level hackers have considered to be particularly high-value targets: sensitive information about people, technologies, innovation and intellectual property, the revelation of which could compromise our economy and national security.”

Tripwire can help implement SP 800-171

All in all, NIST 800-172 is a much-needed and timely update to NIST 800-171. It goes a long way towards enhancing the security requirements, and it is intended to supplement the security requirements in SP 800-171 that are in use by federal agencies that utilize contractual vehicles as well as other agreements established between those agencies and non-federal organizations. It’s a good update not only for government systems but also for private and public organizations.

Tripwire can help your organization successfully implement and monitor the suggested system security controls offered in SP 800-171. For more information, be sure to check out Tripwire Enterprise.

For a breakdown of SP 800-172 (formerly 171B) requirements, visit https://www.tripwire.com/state-of-security/regulatory-compliance/overview-nist-800-171b/.

The post “NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time” appeared first on TripWire.

Source: TripWire – Steven Tipton
