Title: NIST 800-171 Controls Information  
Author: Murad Khan Jul 19, 2019
Last Changed by: Murad Khan Jul 19, 2019
Tiny Link: (useful for email) https://my.exostar.com/x/HYjoAQ
Incoming Links
MyExostar (56)
    Page: 3.3.5 Correlate Audit Review, Analysis, and Reporting
    Page: 3.14.5 Perform periodic scans of the information systems
    Page: Partner Information Manager (PIM) Overview
    Page: 3.10.5 Managing Physical Access Devices
    Page: 3.12.2 Develop and implement plans of action
    Page: 3.13.15 Protect the Authenticity of Communications Sessions
    Page: 3.4.1 Establishing and Maintaining Baseline Configurations and Inventories
    Page: Oceaneering Overview
    Page: 3.1.6 Accessing Non-Security Functions
    Page: 3.13.7 Preventing Simultaneous Remote Connections from Devices
    Page: 3.5.5 Prevent reuse of identifiers for a defined period
    Page: Huntington Ingalls Industries (HII) Overview
    Page: 3.7.5 Multi-Factor Authentication to Establish Non-Local Maintenance Sessions
    Page: 3.4.4 Analyzing the Security Impact of Changes
    Page: 3.5.6 Disable identifiers after a defined period of inactivity
    Page: 3.14.1 Reporting Information and System Flaws
    Page: 3.10.6 Enforce safeguarding measures for CUI at alternate work sites
    Page: 3.8.7 Control the use of removable media on system components
    Page: 3.6.1 Establish an operational incident-handling capability
    Page: 3.13.11 FIPS-Validated Cryptography
    Page: 3.5.10 Store and transmit only encrypted representation of passwords
    Page: 3.11.1 Assess Risk to Organizational Operations
    Page: 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI
    Page: 3.5.8 Prohibit password reuse
    Page: 3.1.20 Verify and control/limit connections to and use of external systems
    Page: Leidos Overview
    Page: 3.14.2 Provide protection from malicious code
    Page: 3.11.2 Scan for Vulnerabilities
    Page: 3.4.2 Establish and Enforce Security Configuration Settings
    Page: 3.10.1 Limit physical access to organizational information systems
    Page: 3.4.9 Control and monitor user-installed software
    Page: 3.1.13 Employ cryptographic mechanisms to protect remote sessions
    Page: 3.5.7 Enforce a minimum password complexity
    Page: 3.4.8 Applying Deny-by-Exception (Blacklisting) or Permit-by-Exception (Whitelisting) Policies
    Page: 3.1.18 Control connection of mobile devices
    Page: 3.2.2 Personnel Adequately Trained to Carry out Duties
    Page: 3.8.1 Protect (i.e., physically control and securely store)
    Page: 3.13.12 Prohibit remote activation of collaborative computing devices
    Page: 3.5.4 Replay-Resistant Authentication for Accounts
    Page: 3.5.2 Authenticate (or verify) the identities of users, processes, or devices
    Page: 3.12.3 Monitor security controls on an ongoing basis
    Page: 3.9.2 Ensure that CUI and organizational systems containing CUI are protected
    Page: 3.1.9 Provide privacy and security notices consistent with applicable CUI rules
    Page: 3.13.5 Sub-Networks for Publicly Accessible System Components
    Page: 3.5.3 Multi-Factor Authentication
    Page: 3.1.19 Encrypt CUI on mobile devices
    Page: 3.1.8 Limit unsuccessful logon attempts
    Page: 3.12.4 Develop, document, periodically update, and implement system security plans
    Page: Sierra Nevada Corporation Overview
    Page: 3.1.17 Protect wireless access using authentication and encryption
    Page: 3.6.3 Testing Organizational Incident Response Capability
    Page: 3.13.1 Monitor, control, and protect communications
    Page: 3.8.3 Sanitize or destroy system media containing CUI
    Page: 3.13.4 Prevent Unintended Information Transfer
    Page: MDA Pilot Program
    Page: 3.5.9 Allow temporary password use for system logons with an immediate change
Hierarchy
Parent Page
    Page: NIST Information
Children (50)
    Page: 3.1.6 Accessing Non-Security Functions
    Page: 3.1.8 Limit unsuccessful logon attempts
    Page: 3.1.9 Provide privacy and security notices consistent with applicable CUI rules
    Page: 3.1.13 Employ cryptographic mechanisms to protect remote sessions
    Page: 3.1.17 Protect wireless access using authentication and encryption
    Page: 3.1.18 Control connection of mobile devices
    Page: 3.1.19 Encrypt CUI on mobile devices
    Page: 3.1.20 Verify and control/limit connections to and use of external systems
    Page: 3.2.2 Personnel Adequately Trained to Carry out Duties
    Page: 3.3.5 Correlate Audit Review, Analysis, and Reporting
Outgoing Links
External Links (9)
    https://www.gov.uk/government/uploads/system/uploads/attach…
    gov.uk/
    https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/re…
    https://csrc.nist.gov/publications/detail/sp/800-171a/draft
    https://www.nist.gov/
    https://csrc.nist.gov/CSRC/media//Publications/sp/800-171/r…
    nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
    https://my.exostar.com/display/TE/3.12.4+Develop%2C+documen…
    nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf
MyExostar (56)
    Page: 3.10.1 Limit physical access to organizational information systems
    Page: 3.3.5 Correlate Audit Review, Analysis, and Reporting
    Page: 3.5.5 Prevent reuse of identifiers for a defined period
    Page: 3.4.1 Establishing and Maintaining Baseline Configurations and Inventories
    Page: 3.13.4 Prevent Unintended Information Transfer
    Page: 3.2.2 Personnel Adequately Trained to Carry out Duties
    Page: 3.14.5 Perform periodic scans of the information systems
    Page: 3.4.9 Control and monitor user-installed software
    Page: 3.8.3 Sanitize or destroy system media containing CUI
    Page: 3.1.17 Protect wireless access using authentication and encryption
    Page: 3.5.7 Enforce a minimum password complexity
    Page: 3.13.15 Protect the Authenticity of Communications Sessions
    Page: 3.10.6 Enforce safeguarding measures for CUI at alternate work sites
    Page: 3.10.5 Managing Physical Access Devices
    Page: 3.5.10 Store and transmit only encrypted representation of passwords
    Page: 3.12.2 Develop and implement plans of action
    Page: 3.5.4 Replay-Resistant Authentication for Accounts
    Page: 3.12.4 Develop, document, periodically update, and implement system security plans
    Page: 3.13.11 FIPS-Validated Cryptography
    Page: 3.6.1 Establish an operational incident-handling capability
    Page: 3.13.5 Sub-Networks for Publicly Accessible System Components
    Page: 3.8.1 Protect (i.e., physically control and securely store)
    Page: 3.1.13 Employ cryptographic mechanisms to protect remote sessions
    Page: 3.13.12 Prohibit remote activation of collaborative computing devices
    Page: NIST Information
    Page: 3.13.1 Monitor, control, and protect communications
    Page: 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI
    Page: Get Started - PIM
    Page: Register - PIM
    Page: 3.5.2 Authenticate (or verify) the identities of users, processes, or devices
    Page: 3.12.3 Monitor security controls on an ongoing basis
    Page: 3.11.1 Assess Risk to Organizational Operations
    Page: 3.14.1 Reporting Information and System Flaws
    Page: 3.9.2 Ensure that CUI and organizational systems containing CUI are protected
    Page: 3.5.3 Multi-Factor Authentication
    Page: MDA Pilot Program
    Page: 3.5.8 Prohibit password reuse
    Page: Partner Information Manager (PIM)
    Page: 3.7.5 Multi-Factor Authentication to Establish Non-Local Maintenance Sessions
    Page: 3.6.3 Testing Organizational Incident Response Capability
    Page: 3.5.6 Disable identifiers after a defined period of inactivity
    Page: 3.1.6 Accessing Non-Security Functions
    Page: 3.14.2 Provide protection from malicious code
    Page: Credentialing - PIM
    Page: 3.1.19 Encrypt CUI on mobile devices
    Page: 3.1.9 Provide privacy and security notices consistent with applicable CUI rules
    Page: 3.5.9 Allow temporary password use for system logons with an immediate change
    Page: 3.1.18 Control connection of mobile devices
    Page: 3.1.8 Limit unsuccessful logon attempts
    Page: 3.8.7 Control the use of removable media on system components
    Page: 3.13.7 Preventing Simultaneous Remote Connections from Devices
    Page: 3.4.4 Analyzing the Security Impact of Changes
    Page: Partner Information Manager (PIM) Overview
    Page: 3.4.8 Applying Deny-by-Exception (Blacklisting) or Permit-by-Exception (Whitelisting) Policies
    Page: 3.11.2 Scan for Vulnerabilities
    Page: 3.4.2 Establish and Enforce Security Configuration Settings