As part of ongoing efforts to strengthen protections for securing controlled unclassified information (CUI) in nonfederal systems, NIST has released the following final publications:
- SP 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information, provides enhanced security requirements that support cyber resiliency objectives, focus on protecting CUI associated with critical programs and high value assets, and are consistent with the source controls in SP 800-53r5.
- SP 800-172Ar3 (Revision 3), Assessing Enhanced Security Requirements for Controlled Unclassified Information, provides assessment procedures for the enhanced security requirements in SP 800-172r3.
In addition to these documents, NIST is also releasing both the enhanced security requirements and assessment procedures in the Cybersecurity and Privacy Reference Tool (CPRT) and in Open Security Controls Assessment Language (OSCAL) data formats, available through the publication details pages for both SP 800-172r3 and SP 800-172Ar3.
Learn More about the Protecting CUI Project.