NIST Invites Comments on Enhanced Security Requirements for Protecting Controlled Unclassified Information

The initial public draft (ipd) of NIST Special Publication (SP) 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI), is available for comment.

SP 800-172r3 provides recommended security requirements to protect the confidentiality, integrity, and availability of CUI when it is resident in a nonfederal system and organization and is associated with a high value asset or critical program. The enhanced security requirements give organizations the capability to achieve a multidimensional, defense-in-depth protection strategy against advanced persistent threats (APTs) and help to ensure the resiliency of systems and organizations. The enhanced security requirements in SP 800-172r3 supplement the security requirements in SP 800-171 and are intended for use by federal agencies in contractual vehicles or other agreements between those agencies and nonfederal organizations. There is no expectation that all of the enhanced security requirements are needed universally; enhanced security requirements are selected by federal agencies based on specific mission needs and risks.

Submit Your Comments

The public comment period is open through January 10, 2025. NIST strongly encourages you to use the comment template available on the publication details page and submit comments to 800-171comments@list.nist.gov. Comments received in response to this request will be posted on the Protecting CUI project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed.

NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: 800-171comments@list.nist.gov
CSRC Website questions: csrc-inquiry@nist.gov