800-171

NIST 800-171 3.11.3 Remediate vulnerabilities in accordance with risk assessments.
Description:    Vulnerabilities discovered, for example, via the scanning conducted in response to 3.11.2, are remediated with consideration of the related a...
Sat, 8 Jul, 2023 at 2:54 PM
NIST 800-171 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.
Description:   Organizations assess security controls in organizational systems and the environments in which those systems operate as part of the system d...
Tue, 11 Jul, 2023 at 6:54 AM
NIST 800-171 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
Description:   The plan of action is a key document in the information security program. Organizations develop plans of action that describe how any unimpl...
Tue, 11 Jul, 2023 at 6:50 AM
NIST 800-171 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
Description:    Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational...
Sat, 8 Jul, 2023 at 3:10 PM
NIST 800-171 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to
Description:    System security plans relate security requirements to a set of security controls. System security plans also describe, at a high level, how...
Sat, 8 Jul, 2023 at 3:14 PM
NIST 800-171 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
Description:    Communications can be monitored, controlled, and protected at boundary components and by restricting or prohibiting interfaces in organizat...
Tue, 11 Jul, 2023 at 6:03 AM
NIST 800-171 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.
Description:    Organizations apply systems security engineering principles to new development systems or systems undergoing major upgrades. For legacy sys...
Sat, 8 Jul, 2023 at 3:26 PM
NIST 800-171 3.13.3 Separate user functionality from system management functionality.
Description:    System management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typ...
Tue, 11 Jul, 2023 at 5:50 AM
NIST 800-171 3.13.4 Prevent unauthorized and unintended information transfer via shared system resources.
Description:    The control of information in shared system resources (e.g., registers, cache memory, main memory, hard disks) is also commonly referred to...
Sat, 8 Jul, 2023 at 3:35 PM
NIST 800-171 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
Description:    Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones (DMZs). DMZs are typic...
Sat, 8 Jul, 2023 at 3:41 PM