Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Protecting CUI

Protecting Controlled Unclassified Information CUI

SP 800-172

NIST SP 800-172 LogoEnhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

Purpose

Enhanced security requirements to help protect the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI) associated with critical programs or high value assets from the advanced persistent threat (APT).

Scope

The enhanced security requirements in NIST SP 800-172 are supplemental and do not impact the basic and derived security requirements contained in NIST SP 800-171, nor the scope of the implementation of the NIST SP 800-171 security requirements. The federal entity identifies the applicable enhanced security requirements; not all the enhanced security requirements apply to each system. 

Download the SP 800-172 Enhanced Security Requirements in different formats:
Other Resources

 

Contacts

Ron Ross
ron.ross@nist.gov

Victoria Yan Pillitteri
victoria.yan@nist.gov

Topics

Security and Privacy: risk management

Created June 13, 2019, Updated March 13, 2024