The National Institute of Standards and Technology (NIST) has released final guidance containing recommendations on how to protect controlled unclassified information from advanced persistent threats.
Ron Ross, a computer scientist and NIST fellow, said the organization published the guidance in response to reported critical cyberattacks on U.S. infrastructure.
“Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” said Ross. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.”
Special Publication (SP) 800-172 serves as a supplement to another NIST guidance document and includes toolsets to help mitigate breaches by state-sponsored threat actors seeking to obtain key information such as defense data and intellectual property.
According to NIST, the SP is primarily meant to help program managers, administrators, chief information officers and system auditors establish resilient system architectures and damage-limiting approaches suited to the needs of their specific organizations.
“The decision to select a particular set of enhanced security requirements will be based on your mission and business needs — and then guided and informed by ongoing risk assessments,” said Ross.