The National Institute of Standards and Technology (NIST) has published NIST SP 800-172 to provide advice for contractors that handle sensitive information that could be threatened by adversarial nation-states, FedScoop reported on Friday.
“Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” Ron Ross, a computer scientist and a NIST fellow, said. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.”
In the report, NIST has analyzed how systems administrators should arrange networks, as well as which security practices could provide additional protection from advanced persistent threats (APTs).
Additionally, NIST highlighted practices that should already be in place for federal contractors, including strong passwords, multi-factor authentication and automated tracking of unauthorized users on a network, as well as maintaining cyber-response teams in the event of a major incident.
NIST SP 800-172 expands on NIST SP 800-171, a set of requirements that often apply to federal contracts that deal with controlled unclassified information (CUI). The Pentagon also launched the Cybersecurity Maturity Model Certification (CMMC) program to ensure contractors are meeting requirements through third-party verification.
NIST’s publication follows the SolarWinds breach, where attackers compromised the company’s update servers to push out malware. President Biden recently stated his administration is introducing an “urgent initiative” to improve the country’s cybersecurity.
“We’ve elevated the status of cyber issues within our government,” Biden said Thursday as part of his national security speech at the State Department. “We are launching an urgent initiative to improve our capability, readiness and resilience in cyberspace.”
Biden cited some of the recent efforts to address cyber issues, including the creation of the new role of deputy national security adviser for cyber and emerging technology. The president appointed Anne Neuberger, formerly director of cybersecurity at the National Security Agency (NSA) and an inductee into the 2021 Wash100 Award, to the newly created position within the National Security Council (NSC) in January.