NIST 800-171 3.1.2

Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
Once you have a domain and have identified who will have access to the sensitive data, you will want to prevent ordinary users and other members of your network from accessing the systems that hold it. This control is about access, which goes hand in hand with how users reach the systems on which the sensitive or classified data is stored. You want to protect those systems from unauthorized operators and unauthorized methods of access. Ensure you have password protection and two-factor authentication, and restrict who can access the systems and how. You do not want users with mobile devices, or users connecting over a virtual private network, to be able to access the secure data; if you do allow it, we will discuss how to lock these devices down in other controls. If your small or mid-size business lacks the expertise, a certified Managed Security Service Provider can assist with implementing these policies.
You rarely have the ability to control mobile phones, home computers, BYOD devices, USB drives, and wirelessly connected devices, so you want to deny all of these devices from connecting to the network resource or application that holds the classified information. You will then want to detect if anyone is trying to access these systems from any of these types of devices. You can also employ a virtual LAN (VLAN): keep all your restricted data on a VLAN cut off from the rest of the company, and only allow authorized machines to connect to the VLAN with the classified data on it. As an additional step, you can put a firewall between your classified data network and the company network, which will address several more controls.
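The allow-list and detection steps described above can be checked against connection logs. The following is an added example, not part of the original article: it applies a default-deny policy to flows entering the restricted VLAN and counts denied attempts per source. It goes one step beyond the text by authorizing each machine only for specific services, matching the control's "types of transactions and functions". The subnet, addresses, ports and log format are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed values: restricted VLAN subnet; authorized machine -> permitted ports.
RESTRICTED_NET = ipaddress.ip_network("10.20.30.0/24")
AUTHORIZED = {
    ipaddress.ip_address("10.1.5.11"): {443},      # analyst PC: application only
    ipaddress.ip_address("10.1.5.12"): {443, 22},  # admin PC: application + SSH
}

# Constructed flow records in the form "timestamp src dst dport".
SAMPLE_FLOWS = """\
2024-05-01T09:00:01 10.1.5.11 10.20.30.5 443
2024-05-01T09:00:07 10.1.5.11 10.20.30.5 22
2024-05-01T09:01:15 10.1.9.40 10.20.30.5 443
2024-05-01T09:01:16 10.1.9.40 10.20.30.5 445
2024-05-01T09:02:00 10.1.5.12 10.20.30.8 22
2024-05-01T09:02:30 10.1.9.40 10.1.5.11 443
2024-05-01T09:03:00 truncated-record
"""

def decide(src, dst, dport):
    """Default deny: only listed machines, and only their listed services."""
    if dst not in RESTRICTED_NET:
        return "out-of-scope"
    if src not in AUTHORIZED:
        return "deny-unauthorized-host"
    if dport not in AUTHORIZED[src]:
        return "deny-unauthorized-function"
    return "allow"

def review(log_text):
    """Return (verdict per flow, denied attempts per source, malformed count)."""
    verdicts, denied, malformed = [], Counter(), 0
    for line in log_text.splitlines():
        try:
            ts, src, dst, dport = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            verdict = decide(src, dst, int(dport))
        except ValueError:  # wrong field count, bad address, or bad port
            malformed += 1
            continue
        verdicts.append((ts, str(src), int(dport), verdict))
        if verdict.startswith("deny"):
            denied[str(src)] += 1
    return verdicts, denied, malformed

if __name__ == "__main__":
    print(*review(SAMPLE_FLOWS), sep="\n")
```

Malformed records are counted rather than dropped silently, so a gap in logging shows up in the review instead of looking like a quiet network.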
Single Point of Contact was founded in 1999 and is a Managed Security Service Provider in the San Francisco Bay Area. We tailor our IT security services to take into consideration the everyday challenges businesses face. Cybersecurity issues often stem from within an organization, so we take proactive measures to ensure everyone from top to bottom understands the ramifications of a cyberattack. Don’t hesitate to contact us to see how we can help better protect your company.
