The National Institute of Standards and Technology just updated one of its information security guides with new recommendations for handling Controlled Unclassified Information (CUI).
And while the latest guidelines are written for government agencies and contractors, they could also help you protect your organization's sensitive data.
What's in the NIST sensitive data update?
NIST provided its latest recommendations in SP 800-171B, which includes 32 enhanced security requirements.
It explained that the document includes "additional tools to help deal with what are considered 'advanced persistent threats'—those adversaries who possess the expertise and resources to play the long game of cyber warfare."
NIST warned about the longevity of these threats:
"They often attempt to establish long-term footholds within a target’s infrastructure to steal information or undermine critical aspects of its mission, sometimes years after the initial breach."
How can this help protect your organization?
Ron Ross, one of SP 800-171B's authors, explained the document's implications for data protection:
“Everyone has high value assets, from small businesses to Fortune 500 companies,” he said. “These enhanced defenses are great tools for anyone to use.”
He also stressed that these recommendations have vast implications for data protection:
"The strategies in SP 800-171B can help you take away the adversary’s tactical advantage and protect and preserve your organization’s high value assets and critical programs, even after the adversary has penetrated your system. The game is not lost after that initial penetration or breach. It’s just beginning."
The ultimate goal? In the "game" of cybersecurity, Ross says it is to "confuse, deceive, and impede the adversary."
And NIST has just given you the latest playbook on how to do it.