800-171

NIST 800-171 3.1.1 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
Description: Access control policies (e.g., identity- or role-based policies, control matrices, and cryptography) control access between active entities or...
Mon, 10 Jul, 2023 at 9:50 AM
NIST 800-171 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute.
Description: Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both. System acc...
Tue, 11 Jul, 2023 at 6:13 AM
NIST 800-171 3.1.3 Control the flow of CUI in accordance with approved authorizations.
Description: Information flow control regulates where information can travel within a system and between systems (versus who can access the information) a...
Tue, 11 Jul, 2023 at 6:13 AM
NIST 800-171 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
Description: Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without c...
Tue, 11 Jul, 2023 at 6:14 AM
NIST 800-171 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts.
Description: Organizations employ the principle of least privilege for specific duties and authorized accesses for users and processes. The principle of l...
Mon, 10 Jul, 2023 at 9:49 AM
NIST 800-171 3.1.6 Use non-privileged accounts or roles when accessing nonsecurity functions.
Description: This requirement limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situations where o...
Tue, 11 Jul, 2023 at 6:15 AM
NIST 800-171 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
Description: Privileged functions include establishing system accounts, performing system integrity checks, conducting patching operations, or administeri...
Tue, 11 Jul, 2023 at 6:16 AM
NIST 800-171 3.14.7 Identify unauthorized use of the information system.
Description: System monitoring includes external and internal monitoring. System monitoring can detect unauthorized use of organizational systems. System m...
Tue, 11 Jul, 2023 at 2:35 AM
NIST 800-171 3.1.8 Limit unsuccessful logon attempts.
Description: This requirement applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denial of servic...
Tue, 11 Jul, 2023 at 6:17 AM
NIST 800-171 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Description: System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the system bo...
Mon, 10 Jul, 2023 at 9:07 AM