NIST 800 -171 3.1.7

Prevent non-privileged users from executing privileged functions and audit the execution of such functions. Here is where the separation of admin accounts and non-admin accounts helps you with this control. Don’t allow the non-admin accounts to have any access or ability to perform any commands that a privileged account will create. If you follow the…

Details

NIST 800 – 171 3.1.6

Use non-privileged accounts or roles when accessing nonsecurity functions. The object of this control is to set up an admin-account and a non-admin-account for privileged access and no-privileged access. This control seeks to separate admin accounts from non-admin accounts and what actions are performed by each. The best way to go about this is to…

Details

NIST 800 -171 3.1.5

Employ the principle of least privilege, including for specific security functions and privileged accounts. What is the principle of least privilege? It is when you give a person’s account the bare minimum of permissions and capabilities they need to do their job. You basically lock their account down to the point that they can’t access…

Details

How to fill out your POA&M

Your POA&M is your Plan of Action and Milestone document. Here are some key strategies and best practices that you need to observe when you are filling out your POA&M document. Through the course of your audit and your security analysis or your compliance audit, information system audit or any other IT-based audits you are…

Details

The Benefits of 24/7 Monitoring

Downtime is one of the biggest losses a company can take. To large corporations, network downtime could mean millions of dollars lost. While smaller companies don’t lose as much money, it still makes a significant impact on their bottom line. One of the best ways to avoid this problem is to work with a managed…

Details