800-171

NIST 800-171 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
Description:    Audit information includes all information (e.g., audit records, audit log settings, and audit reports) needed to successfully audit system...
Tue, 11 Jul, 2023 at 4:37 AM
NIST 800-171 3.3.9 Limit management of audit logging functionality to a subset of privileged users.
Description:   Individuals with privileged access to a system and who are also the subject of an audit by that system may affect the reliability of audit i...
Tue, 11 Jul, 2023 at 4:41 AM
NIST 800-171 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
Description:    Baseline configurations are documented, formally reviewed, and agreed-upon specifications for systems or configuration items within those s...
Tue, 11 Jul, 2023 at 4:44 AM
NIST 800-171 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems.
Description:    Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system that affec...
Tue, 11 Jul, 2023 at 4:50 AM
NIST 800-171 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems.
Description:    Tracking, reviewing, approving/disapproving, and logging changes is called configuration change control. Configuration change control for o...
Tue, 11 Jul, 2023 at 4:54 AM
NIST 800-171 3.4.4 Analyze the security impact of changes prior to implementation.
Description:   Organizational personnel with information security responsibilities (e.g., system administrators, system security officers, system security ...
Tue, 11 Jul, 2023 at 5:10 AM
NIST 800-171 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.
Description:    Any changes to the hardware, software, or firmware components of systems can potentially have significant effects on the overall security o...
Tue, 11 Jul, 2023 at 5:16 AM
NIST 800-171 3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
Description:    Systems can provide a wide variety of functions and services. Some of the functions and services routinely provided by default, may not be ...
Tue, 11 Jul, 2023 at 5:20 AM
NIST 800-171 3.4.7 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.
Description:  Restricting the use of nonessential software (programs) includes restricting the roles allowed to approve program execution; prohibiting auto...
Tue, 11 Jul, 2023 at 5:27 AM
NIST 800-171 3.4.8 Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.
Description:    The process used to identify software programs that are not authorized to execute on systems is commonly referred to as blacklisting. The p...
Tue, 11 Jul, 2023 at 5:31 AM