NIST Releases Guidance on Protecting Highly Sensitive Data from Advanced Persistent Threat Actors

The National Institute for Standards and Technology (NIST) has published guidance that can be used by organizations to protect highly sensitive data from advanced persistent threat (APT) actors, including those affiliated with nation-states. NIST’s Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171, offers a set of tools designed to counter the efforts of state-sponsored hackers and complements another NIST publication. “Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” said Ron Ross, a computer scientist and a NIST fellow. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.” The guidance is primarily intended for use by entities protecting federal “controlled unclassified information” in non-federal systems, such as those used by state and local governments, colleges and universities, and independent research organizations. However, the guidance can be used by anyone seeking to defend against hacks, including those perpetrated by an APT actor. Read more and access the guidance at NIST.