The National Institute of Standards and Technology (NIST) has issued a Special Publication (SP) to help organizations protect sensitive information on different electronic systems from state-sponsored hacking.
SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: a Supplement to NIST SP 800-171, offers tools to help counter cyberattack efforts by state-sponsored hackers, and protect vulnerable data such as “controlled unclassified information” (CUI).
“Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” Ron Ross, a computer scientist and a NIST fellow, said in a news release. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.”
Since the Federal government relies on non-Federal service providers to carry out missions using information systems, it’s important to protect the sensitive information in those systems “as it can directly impact the Federal government’s ability to carry out its operations,” NIST said.
“Implementing the cyber safeguards in SP 800-172 will help system owners protect what state-level hackers have considered to be particularly high-value targets: sensitive information about people, technologies, innovation and intellectual property, the revelation of which could compromise our economy and national security,” said Ross.
According to NIST, the SP is the product of feedback received during the public comment period, as well as having “updated scoping and applicability guidance and a more flexible requirements selection approach to allow organizations to customize their security solutions.”