800-171

NIST 800-171 3.2.1 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to
Description:   Organizations determine the content and frequency of security awareness training and security awareness techniques based on the specific org...
Tue, 11 Jul, 2023 at 3:43 AM
NIST 800-171 3.2.2 Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
Description:   Organizations determine the content and frequency of security training based on the assigned duties, roles, and responsibilities of individu...
Tue, 11 Jul, 2023 at 3:51 AM
NIST 800-171 3.2.3 Provide security awareness training on recognizing and reporting potential indicators of insider threat.
Description:    Potential indicators and possible precursors of insider threat include behaviors such as inordinate, long-term job dissatisfaction; attempt...
Tue, 11 Jul, 2023 at 3:58 AM
NIST 800-171 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity
Description:    An event is any observable occurrence in a system, which includes unlawful or unauthorized system activity. Organizations identify event ty...
Tue, 11 Jul, 2023 at 4:03 AM
NIST 800-171 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions.
Description:    This requirement ensures that the contents of the audit record include the information needed to link the audit event to the actions of an ...
Tue, 11 Jul, 2023 at 4:08 AM
NIST 800-171 3.3.3 Review and update logged events.
Description:    The intent of this requirement is to periodically re-evaluate which logged events will continue to be included in the list of events to be ...
Tue, 11 Jul, 2023 at 4:12 AM
NIST 800-171 3.3.4 Alert in the event of an audit logging process failure.
Description:    Audit logging process failures include software and hardware errors, failures in the audit record capturing mechanisms, and audit record st...
Tue, 11 Jul, 2023 at 4:19 AM
NIST 800-171 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
Description:    Correlating audit record review, analysis, and reporting processes helps to ensure that they do not operate independently, but rather colle...
Mon, 17 Jul, 2023 at 8:26 AM
NIST 800-171 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting.
Description:    Audit record reduction is a process that manipulates collected audit information and organizes such information in a summary format that is...
Tue, 11 Jul, 2023 at 4:29 AM
NIST 800-171 3.3.7 Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records
Description:    Internal system clocks are used to generate time stamps, which include date and time. Time is expressed in Coordinated Universal Time (UTC)...
Tue, 11 Jul, 2023 at 4:33 AM