Enhanced security requirements to help protect the confidentiality, integrity, and availability of Controlled Unclassified Information (CUI) associated with critical programs or high value assets from the advanced persistent threat (APT).
The enhanced security requirements in NIST SP 800-172 are supplemental and do not impact the basic and derived security requirements contained in NIST SP 800-171, nor the scope of the implementation of the NIST SP 800-171 security requirements. The federal entity identifies the applicable enhanced security requirements; not all the enhanced security requirements apply to each system.
Security and Privacy: risk management