NIST Introduces New Security Requirements to Improve Data Confidentiality
The National Institute of Standards and Technology has published an accompanying document to Special Publication 800-171 that provides federal agencies with enhanced security requirements for protecting controlled unclassified information.
SP 800-172, which was published in light of the SolarWinds Orion hack, offers security controls to help agencies structure systems to be resistant to malicious actors, improve threat detection and damage mitigation capabilities and ensure recovery from cyber attacks.
Recommendations in the report are meant for components of nonfederal systems that process, store or transmit CUI. They also apply to components that provide security protection for such systems when the designated CUI is linked to a critical program or high value asset.
Blake Moore, former chief of staff for the Pentagon’s chief information officer and now a vice president at Wickr, considers the new guidelines to be critical in preventing the next SolarWinds hack across the public and private sectors.
Moore told FCW that the document provides a road map for agencies of all sizes on how to counter increasingly advanced tradecraft from nation-state actors.
Sarah Powazek, an analyst at the Institute for Security and Technology, also pointed out that SP 800-172 targets daily security operations of federal partners, which may suggest NIST's concern about the upstream effects of poor security.
The new security controls, according to Powazek, not only improve the confidentiality of sensitive information but also prevent initial system access for threat actors targeting government agencies.