NIST 800-172
Ensure your organization is meeting NIST 800-172 compliance with this helpful checklist. Learn about the challenges and how to overcome them.
NIST 800-172 compliance: A checklist
NIST 800-172 is a cybersecurity standard that focuses on protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. It provides guidelines and requirements for safeguarding CUI against advanced persistent threats.
This standard outlines security controls and best practices to enhance the protection of sensitive information, helping organizations strengthen their overall cybersecurity posture and mitigate potential risks.
- Conduct a thorough assessment of current security controls.
- Identify and prioritize high-value assets and data.
- Implement security measures to protect high-value assets.
- Monitor and continuously assess the effectiveness of security controls.
- Develop an incident response plan and conduct regular exercises.
Challenges of complying with NIST 800-172
One challenge an organization might face in complying with NIST 800-172 is the complexity of the requirements outlined in the standard. Understanding and implementing the technical safeguards and controls can be daunting, especially for organizations with limited resources.
Another challenge is the need for continuous monitoring and updating of security measures to align with the evolving threat landscape. This requires a dedicated team and ongoing investment in cybersecurity tools and technologies.
Lastly, ensuring full compliance with NIST 800-172 may involve significant costs, both in terms of initial implementation and ongoing maintenance. Organizations may need to allocate substantial budgets and resources to meet the stringent security requirements set forth in the standard.
Addressing NIST 800-172 requirements with an Enterprise Browser
Organizations contracting with the Department of Defense (DoD) must address NIST 800-172 requirements to ensure that they are “bid compliant” and eligible for contracts. The requirements are based upon the hygiene of the systems and applications interacting with DoD controlled unclassified information (CUI) and a subsequent audit of those controls called Cyber Maturity Model Certification (CMMC). Island Enterprise Browser allows organizations to create application boundaries around DoD CUI data and applications, reducing the size and complexity of the certification. By creating secure application boundaries and embedding robust controls, Island ensures information stays within authorized systems, reducing audit scope and risk.