The National Institutes of Science and Technology (NIST) continues to offer timely and relevant information for companies to consider when addressing cyber-risks in an ever-changing landscape.

 On February 2, 2021, NIST published an alert outlining tools it has developed to assist companies “to help defend against state-sponsored hackers.” According to its press release, nation-state actors, also known as “advanced persistent threat” (APT), are targeting both governmental agencies and private industry and academia in order to steal “sensitive but unclassified information,” known as ‘controlled unclassified information’ (CUI), that the government relies on “to carry out a wide range of missions using information systems” and, therefore, the “protection of sensitive federal information that resides in nonfederal systems…is of paramount importance, as it can directly impact the federal government’s ability to carry out its operations.”

Following the Chinese government’s 2018 hack of a third-party contractor of the United States Navy in which, according to the Washington Post, the Chinese government “stole a large amount of highly sensitive data on undersea warfare,” NIST developed and published its draft Special Publication SP 800-172 to assist in protecting CUI against APT.

After public comment, the final publication of SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171 was released this week for private companies, industry and academia to adopt NIST-developed tools that provide “additional recommendations for handling CUI in situations where that information runs a higher than usual risk of exposure. CUI includes a wide variety of information types, from individuals’ names or Social Security numbers to critical defense information.”

According to NIST, “implementing the cyber safeguards in SP 800-172 will help system owners protect what state-level hackers have considered to be particularly high-value targets: sensitive information about people, technologies, innovation and intellectual property the revelation of which could compromise our economy and national security.”

NIST provides help to all of us in defending against cyber-attacks. NIST says, “The adversaries are bringing their ‘A-game” in these cyberattacks 24 hours a day, 7 days a week…You can start making sure the damage is minimized if you use SP 800-172’s cyber safeguards.”

Take a look at the tools and consider using them to enhance the security of your high-risk data.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.