United States of America: National Institute of Standards and Technology opened consultation on enhanced security requirements for protecting controlled unclassified information, including cyber resiliency objectives

On 29 September 2025, the National Institute of Standards and Technology (NIST) opened a public consultation on the enhanced security requirements for protecting controlled unclassified information, until 14 November 2025. The publication applies to non-federal systems and organisations that process, store, or transmit Controlled Unclassified Information (CUI) associated with critical programmes or high-value assets, and are intended for use by federal agencies in contractual vehicles or other agreements with non-federal entities. The enhanced security requirements support cyber resiliency objectives, and specifically address advanced persistent threats and protection needs for critical systems. NIST invites feedback on the additional enhanced security requirements for critical systems and high value assets, the mappings to protect strategies and adversary effects, and the usefulness of supplementary appendices.