NIST Issues Guidance for Securing Critical Unclassified Data Against Advanced Persistent Threats

NIST Issues Guidance for Securing Critical Unclassified Data Against Advanced Persistent Threats
TIC 3.0 Use Case Guide

The National Institute of Standards and Technology (NIST) has released a final guidance containing recommendations on how to protect controlled unclassified information from advanced persistent threats.

Ron Ross, a computer scientist and NIST fellow, said the organization published the guidance in response to reported critical cyber attacks to U.S. infrastructure.

“Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” said Ross. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.” 

The Special Publication (SP) 800-172 serves as a supplement to another NIST guidance and includes toolsets to help mitigate breaches from state-sponsored threat actors seeking to obtain key information such as defense data and intellectual property.

According to NIST, the SP is primarily meant to help program managers, administrators, chief information officers and system auditors in establishing resilient system architectures and damage-limiting approaches depending on the needs of specific organizations.

“The decision to select a particular set of enhanced security requirements will be based on your mission and business needs — and then guided and informed by ongoing risk assessments,” said Ross.

You may also be interested in...

Defense Innovation Unit

DIU Seeks New Access Security Tool for Commercial Engagements

The Defense Innovation Unit (DIU) is interested in using commercial multifactor authentication to facilitate secure access to industrial systems not directly connected to U.S. military networks. DIU is in search of a tool that would verify identities on platforms not accessible via a military-issued common access card. DIU intends to this tool to securely collaborate with commercial partners.