Security requirements that are to be implemented in addition to the basic and derived security requirements in SP 800-171. The security requirements provide the foundation for a defense-in-depth protection strategy that includes three mutually supportive and reinforcing components: (1) penetration-resistant architecture, (2) damage-limiting operations, and (3) designing for cyber resiliency and survivability.

Source: NIST SP 800-172A | Category: