
Draft NIST Special Publication 800-172A Assessing Enhanced Security Requirements for Controlled Unclassified Information


    Posted Apr 27, 2021 11:36:00 AM
    Hi All,

    NIST just published for comment NIST Special Publication 800-172A Assessing Enhanced Security Requirements for Controlled Unclassified Information.

    It provides federal agencies and nonfederal organizations with assessment procedures that can be used to carry out assessments of the requirements in NIST SP 800-172. The generalized assessment procedures are flexible, provide a framework and starting point to assess the enhanced security requirements, and can be tailored to the needs of organizations and assessors. Organizations tailor the assessment procedures by selecting specific assessment methods and objects to achieve the assessment objectives and by determining the scope of the assessment and the degree of rigor applied during the assessment process. The assessment procedures can be employed in self-assessments, independent third-party assessments, or assessments conducted by sponsoring organizations (e.g., government agencies). Such approaches may be specified in contracts or in agreements by participating parties. The findings and evidence produced during assessments can be used by organizations to facilitate risk-based decisions related to the CUI enhanced security requirements. In addition to developing determination statements for each enhanced security requirement, Draft NIST SP 800-172A introduces an updated structure to incorporate organization-defined parameters into the determination statements.
    NIST is seeking feedback on the assessment procedures, including the assessment objectives, determination statements, and the usefulness of the assessment objects and methods provided for each procedure. We are also interested in the approach taken to incorporate organization-defined parameters into the determination statements for the assessment objectives.

    A public comment period for this document is open through June 11, 2021. See the publication details for a copy of the draft publication and instructions for submitting comments, preferably using the comment template provided.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------