American Digital Services adheres to the NIST Special Publication 800-172 for enhanced security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. In response to increasing threats to the security of CUI, NIST developed SP 800-172 as an extension of the security requirements and controls outlined in NIST SP 800-171. This publication provides a comprehensive set of enhanced security requirements to protect CUI in nonfederal systems and organizations.
https://csrc.nist.gov/pubs/sp/800/172/final
Key Components
Enhanced Security Requirements
NIST SP 800-172 outlines advanced security measures to mitigate risks from advanced persistent threats (APTs), including but not limited to:
- Risk Management: Implementation of rigorous risk management processes to identify, assess, and mitigate risks to CUI.
- System and Communications Protection: Enhanced measures to protect information systems and communications.
- Awareness and Training: Comprehensive training programs to ensure all personnel understand and can effectively implement enhanced security requirements.
Implementation Tiers
Organizations are encouraged to align their security measures with specific implementation tiers to ensure adequate protection of CUI:
- Tier 1: Basic implementation of enhanced security measures.
- Tier 2: Intermediate implementation with additional controls and protections.
- Tier 3: Advanced implementation with comprehensive and robust security measures.
Continuous Monitoring
Continuous monitoring is essential to maintain the security of CUI. This includes:
- Regular Assessments: Frequent security assessments to identify and remediate vulnerabilities.
- Incident Response: Proactive and reactive measures to respond to security incidents effectively.
- Updates and Patches: Timely updates and patches to address emerging threats and vulnerabilities.
Commitment to Compliance
American Digital Services is committed to maintaining the highest standards of security for protecting CUI. By adhering to the guidelines set forth in NIST SP 800-172, we ensure the integrity, confidentiality, and availability of critical information.