CMMCDocs.comHome / Glossary / NIST SP 800-172
NIST SP 800-172
Also known as: NIST 800-172 · 800-172
The NIST publication defining enhanced security requirements for protecting CUI against advanced persistent threats. Forms the technical basis of CMMC Level 3.
NIST Special Publication 800-172 is titled 'Enhanced Security Requirements for Protecting Controlled Unclassified Information.' It defines 35 enhanced requirements designed to protect against advanced persistent threats (APTs) — sophisticated nation-state-level adversaries.
NIST SP 800-172 builds on NIST SP 800-171 and is the technical basis for CMMC Level 3. Unlike Level 2 (which is assessed by commercial C3PAOs), Level 3 assessments are conducted by DIBCAC, the DoD's in-house assessment team.
Level 3 covers a subset of the 35 enhanced requirements; not all of them apply to every Level 3 contract. The DoD designates which enhanced requirements apply on a per-program basis.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account