The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced securi
NIST has released Special Publication (SP) 800-172r3 (final public draft), Enhanced Security Requirements for Protecting Controlled Unclassified Information, and SP 800-172Ar3 (initial public draft), Assessing Enhanced Security Requirements for Controlled Unclassified Information, for public comment.
The new enhanced security requirements in SP 800-172r3 support cyber resiliency objectives, focus on protecting CUI, and are consistent with the source controls in SP 800-53r5. SP 800-172Ar3 provides a set of assessment procedures for the enhanced security requirements. These procedures are based on the source assessment procedures in SP 800-53Ar5. Both drafts implement a one-time “revision number” change for consistency with SP 800-171r3 and SP 800-171Ar3.
NIST seeks feedback on both drafts during a 45-day public comment period, from September 29 through November 14, 2025. NIST is specifically interested in comments, feedback, and recommendations on the following topics: