U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

NIST Releases Assessment Procedures for Enhanced Security Requirements, NIST Special Publication 800-172A
March 15, 2022

NIST has released Special Publication (SP) 800-172A, Assessing Enhanced Security Requirements for Controlled Unclassified Information, to support the protection of controlled unclassified information associated with a critical program or high value asset in nonfederal systems and organizations. SP 800-172A provides federal agencies and nonfederal organizations with procedures that can be used to assess the enhanced security requirements in SP 800-172.

The assessment procedures are flexible, provide a framework and starting point to assess the enhanced security requirements, and can be tailored to the needs of organizations and assessors. Organizations tailor the assessment procedures by selecting specific assessment methods and objects to achieve the assessment objectives and by determining the scope of the assessment and the degree of rigor applied during the assessment process. The assessment procedures can be employed in self-assessments, independent third-party assessments, or assessments conducted by sponsoring organizations (e.g., federal agencies). Such approaches may be specified in contracts or in agreements by participating parties. The findings and evidence produced during assessments can be used by organizations to facilitate risk-based decisions related to the CUI enhanced security requirements. In addition to developing determination statements for each enhanced security requirement, NIST SP 800-172A introduces an updated structure to incorporate organization-defined parameters into the determination statements.

Please direct questions and comments to sec-cert@nist.gov.

NIST SP 800-172A circle image

Created March 14, 2022, Updated March 15, 2022