NIST Special Publication 800-172 Revision 3

Policies, frameworks, and compliance standards we hold ourselves to.

Back to Legal Documents

American Digital Services, LLC applies NIST SP 800-172 Revision 3 enhanced security requirements to protect Controlled Unclassified Information (CUI) associated with critical programs and high-value assets.

https://csrc.nist.gov/pubs/sp/800/172/r3/final

NIST SP 800-172 supplements the foundational baseline of NIST SP 800-171 by providing enhanced security requirements designed to combat Advanced Persistent Threats (APTs). These advanced controls apply to nonfederal systems processing, storing, or transmitting CUI that is tied to high-value assets or critical defense programs.

Enhanced Defense-in-Depth Strategies

The enhanced security requirements establish a multidimensional protection strategy that focuses on three primary pillars:

  • Penetration-Resistant Architecture: Designing systems that significantly limit an adversary's ability to compromise the network or establish footholds.
  • Damage-Limiting Operations: Employing capabilities that restrict the blast radius and lateral movement of an attack if a breach occurs.
  • Cyber Resiliency and Survivability: Anticipating attacks and ensuring the system can continue operating while under stress or immediately recover to a secure state.

Recent Updates & Release Status

  • Release of Revision 3: To ensure alignment with the latest SP 800-53r5 controls and SP 800-171r3, NIST officially published the finalized SP 800-172 Revision 3 (Enhanced Security Requirements for Protecting Controlled Unclassified Information) on May 13, 2026.
  • Companion Assessment Procedures: Issued concurrently on May 13, 2026, NIST SP 800-172Ar3 outlines the specific assessment methods and procedures used by assessors to verify the proper implementation of these enhanced cyber resiliency objectives.

Commitment to Compliance

By architecting our environments to support the enhanced requirements of NIST SP 800-172 Revision 3, American Digital Services provides defense contractors and specialized partners with a secure foundation capable of defending against highly sophisticated, state-sponsored cyber adversaries.

Ready to get CMMC-ready, secure, and supported?

We implement and maintain the controls โ€” independent assessors verify them.

Contact Us 800-863-3854