Compliance risk man in the computer

NIST 800 -171 3.1.4

Separate the duties of individuals to reduce the risk of malevolent activity without collusion Malevolent Activity is when someone is trying to inflict harm on an entity like a person, government or company. Organizations must separate CUI handling and processing based tasks that employees work on in order to minimize the chance that they could…

NIST 800 – 171 3.1.3

3.1.3 Control the flow of CUI in accordance with approved authorizations CUI is Controlled Unclassified Information. This is the data that needs to be protected and you need to protect how it arrives, who has access to it, who might have access to where it is stored, how it is stored, etc. You need to…

NIST 800 – 171 3.1.2

Limit information system access to the types of transactions and functions that authorized users are permitted to execute. Once you have a domain and you have identified who will have access to the sensitive data, you will want to restrict access to those systems from any ordinary user or member of your network from accessing…

Compliance and Regulations

NIST 800 – 171 #Part2

Control 3.1.1 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). What this is referring to is a system from which you are going to use to authenticate users. This will most likely need to be a Windows-based domain. Trying to use no domain…

NIST 800-171 Series

Welcome, we are going to be running a series of articles describing how to address and resolve all of the controls in the NIST 800-171 compliance requirement. The first thing we suggest you do is getting a tracking software product. You can use an excel spreadsheet but this can quickly get out of control. A…