The National Institute of Standards and Technology (NIST) continues to offer timely and relevant information for companies to consider when addressing cyber-risks in an ever-changing landscape.
On February 2, 2021, NIST published an alert outlining tools it has developed to assist companies “to help defend against state-sponsored hackers.” According to its press release, nation-state actors, also known as “advanced persistent threat” (APT), are targeting both governmental agencies and private industry and academia in order to steal “sensitive but unclassified information,” known as ‘controlled unclassified information’ (CUI), that the government relies on “to carry out a wide range of missions using information systems” and, therefore, the “protection of sensitive federal information that resides in nonfederal systems…is of paramount importance, as it can directly impact the federal government’s ability to carry out its operations.”
Following the Chinese government’s 2018 hack of a third-party contractor of the United States Navy in which, according to the Washington Post, the Chinese government “stole a large amount of highly sensitive data on undersea warfare,” NIST developed and published its draft Special Publication SP 800-172 to assist in protecting CUI against APT.
After public comment, the final publication of SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171 was released this week for private companies, industry and academia to adopt NIST-developed tools that provide “additional recommendations for handling CUI in situations where that information runs a higher than usual risk of exposure. CUI includes a wide variety of information types, from individuals’ names or Social Security numbers to critical defense information.”
According to NIST, “implementing the cyber safeguards in SP 800-172 will help system owners protect what state-level hackers have considered to be particularly high-value targets: sensitive information about people, technologies, innovation and intellectual property the revelation of which could compromise our economy and national security.”
NIST provides help to all of us in defending against cyber-attacks. NIST says, “The adversaries are bringing their ‘A-game” in these cyberattacks 24 hours a day, 7 days a week…You can start making sure the damage is minimized if you use SP 800-172’s cyber safeguards.”
Take a look at the tools and consider using them to enhance the security of your high-risk data.