Posts

Compliance - NIST 800-171 - Systems and Information Integrity

[Image: NIST 800-171]

A guideline from NIST provides the following security requirements for systems and information integrity (including basic and derived requirements) for protecting the confidentiality of CUI (Controlled Unclassified Information) in nonfederal information systems and organizations. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

Basic Security Requirements:
3.14.1 Identify, report, and correct information and system flaws in a timely manner.
3.14.2 Provide protection from malicious code at appropriate locations within organizational systems.
3.14.3 Monitor system security alerts and advisories and take appropriate actions in response.

Derived Security Requirements:
3.14.4 Update malicio…

Compliance - NIST 800-171 - Risk Assessment

[Image: NIST 800-171]

A guideline from NIST provides the following security requirements for risk assessment (including basic and derived requirements) for protecting the confidentiality of CUI (Controlled Unclassified Information) in nonfederal information systems and organizations. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

Basic Security Requirements:
3.11.1 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of CUI.

Derived Security Requirements:
3.11.2 Scan for vulnerabilities …

Compliance - NIST 800-171 - Media Protection

[Image: NIST 800-171]

A guideline from NIST provides the following security requirements for media protection (including basic and derived requirements) for protecting the confidentiality of CUI (Controlled Unclassified Information) in nonfederal information systems and organizations. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

Basic Security Requirements:
3.8.1 Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital.
3.8.2 Limit access to CUI on information system media to authorized users.
3.8.3 Sanitize or destroy information system media containing CUI before disposal or release for reuse.

Derived Security Requirements:
3.8.4 Mark media …

Compliance - NIST 800-171 - Maintenance

[Image: NIST 800-171]

A guideline from NIST provides the following security requirements for maintenance (including basic and derived requirements) for protecting the confidentiality of CUI (Controlled Unclassified Information) in nonfederal information systems and organizations. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

Basic Security Requirements:
3.7.1 Perform maintenance on organizational information systems.
3.7.2 Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance.

Derived Security Requirements:
3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI.
3.7.4 Check media containing diagnostic and t…

Compliance - NIST 800-171 - Incident Response

[Image: NIST 800-171]

A guideline from NIST provides the following security requirements for incident response (including basic and derived requirements) for protecting the confidentiality of CUI (Controlled Unclassified Information) in nonfederal information systems and organizations. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

Basic Security Requirements:
3.6.1 Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
3.6.2 Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization.

Derive…