The Broadside — Deep Fathom · Compliance Matters

The BroadsideCompliance Matters

Watch hubs RSS →

01TOP NEWS

NIST releases SP 800-172r3, tightening enhanced CUI controls

nist-800-172/standards

NIST releases SP 800-172r3, tightening enhanced CUI controls

The third major revision in five years expands access control, network segmentation, asset management, and supply chain requirements, and no transition timeline for r2 contractors exists yet.

MAY 13·nist.gov ↗

NIST NCCoE releases SP 1800-41 draft on ICS/OT incident response

nist-800-171/standards

NIST NCCoE releases SP 1800-41 draft on ICS/OT incident response

The first NIST guidance aimed squarely at manufacturing OT response and recovery signals a shift from preventive controls toward operational resilience, with CMMC implications still unresolved.

THU·nist.gov ↗

enforcement/regulator

CISA adds Cisco SD-WAN auth bypass to KEV Catalog

Emergency Directive 26-03 is already live; this KEV addition raises the remediation floor for FCEB agencies.

MAY 14·cisa.gov ↗

nist-800-171/standards

NIST SP 800-70 Rev 5 mandates CSF 2.0 traceability in federal checklists

Checklist developers who skip the new cross-framework mapping lose NCP participation; assessors now need evidence tied to CSF 2.0 outcomes, not just control IDs.

MAY 8·nist.gov ↗

nist-800-172/standards

NIST opens comment period on SP 800-52 Rev. 2 TLS guidelines

The real question isn't TLS 1.3 alignment, it's whether NIST will demote TLS 1.2 from required to optional, which sets the pace of cryptography deprecation across CMMC-tied frameworks.

MAY 7·nist.gov ↗

02THE RIVER