Friday, August 10, 2018

Compliance - NIST 800-171 - Physical Protection

NIST 800-171

A guideline from NIST provides following security requirements for physical protection (including basic and derived requirements) for protecting the confidentiality of CUI (Controlled Unclassified Information) in nonfederal information systems and organizations. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53.

Basic Security Requirements:
3.10.1 Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
3.10.2 Protect and monitor the physical facility and support infrastructure for those information systems.

Derived Security Requirements:
3.10.3 Escort visitors and monitor visitor activity.
3.10.4 Maintain audit logs of physical access.
3.10.5 Control and manage physical access devices.
3.10.6 Enforce safeguarding measures for CUI at alternate work sites (e.g., telework sites).

SIEM and Compliance

Keeping up with compliance and reporting is a daunting tasks. SIEM solutions can help us here by providing holistic visibility into the network and improving detection and response capabilities. However, not everything mentioned by NIST is realizable through SIEM. Moreover, Physical Protection is more of a practical scenario and no audit records are generated for the action thus performed.

No comments:

Post a Comment

Windows - Remote Kernel Crash Vulnerability

This kernel crash vulnerability was discovered by FortGuard Lab .  This vulnerability is identified as CVE-2018-1040 . Windows 10, Wind...