800-171

NIST 800-171 3.4.9 Control and monitor user-installed software.
Description:    Users can install software in organizational systems if provided the necessary privileges. To maintain control over the software installed,...
Tue, 11 Jul, 2023 at 5:38 AM
NIST 800-171 3.5.1 Identify system users, processes acting on behalf of users, and devices.
Description:    Common device identifiers include Media Access Control (MAC), Internet Protocol (IP) addresses, or device-unique token identifiers. Managem...
Tue, 11 Jul, 2023 at 5:41 AM
NIST 800-171 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.
Description:    Individual authenticators include the following: passwords, key cards, cryptographic devices, and one-time password devices. Initial authen...
Tue, 11 Jul, 2023 at 5:45 AM
NIST 800-171 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.[24] [25].
Description:   Multifactor authentication requires the use of two or more different factors to authenticate. The factors are defined as something you know ...
Tue, 11 Jul, 2023 at 5:49 AM
NIST 800-171 3.5.4 Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
Description:    Authentication processes resist replay attacks if it is impractical to successfully authenticate by recording or replaying previous authent...
Tue, 11 Jul, 2023 at 5:52 AM
NIST 800-171 3.5.5 Prevent reuse of identifiers for a defined period.
Description:    Identifiers are provided for users, processes acting on behalf of users, or devices (3.5.). Preventing reuse of identifiers implies prevent...
Tue, 11 Jul, 2023 at 6:35 AM
NIST 800-171 3.5.6 Disable identifiers after a defined period of inactivity.
Description:    Inactive identifiers pose a risk to organizational information because attackers may exploit an inactive identifier to gain undetected acce...
Tue, 11 Jul, 2023 at 6:39 AM
NIST 800-171 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created.
Description:    This requirement applies to single-factor authentication of individuals using passwords as individual or group authenticators, and in a sim...
Tue, 11 Jul, 2023 at 6:43 AM
NIST 800-171 3.5.8 Prohibit password reuse for a specified number of generations.
Description:    Password lifetime restrictions do not apply to temporary passwords  Priority: High   Category: Centralized Controls Management  ...
Tue, 11 Jul, 2023 at 6:49 AM
NIST 800-171 3.5.9 Allow temporary password use for system logons with an immediate change to a permanent password.
Description:   Changing temporary passwords to permanent passwords immediately after system logon ensures that the necessary strength of the authentication...
Tue, 11 Jul, 2023 at 6:53 AM