NIST SP 800-172 is a supplementary publication to NIST SP 800-171 that provides 35 enhanced security requirements designed to protect controlled unclassified information (CUI) on non-federal systems, especially when related to critical programs or high-value assets. It aims to strengthen cybersecurity defenses against advanced persistent threats (APTs) by implementing a three-part protection strategy: penetration-resistant architecture, damage-limiting operations, and cyber resiliency survivability. These enhanced controls go beyond the foundational safeguards of NIST SP 800-171 and are selected by federal agencies based on risk assessments to ensure robust protection of sensitive government data in the supply chain and other critical environments
Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security