What are the categories covered in NIST 800-171?

NIST SP 800-171 provides a framework for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. Its requirements consist of 110 security controls grouped into 14 families:

Access Control: Controls that ensure only authorized personnel can access CUI, and only in the ways they are permitted to. Examples include account management, separation of duties, and access permissions.

Awareness and Training: Controls that ensure personnel understand the importance of protecting CUI and are trained to recognize and respond to security threats. Examples include security awareness training, phishing training, and role-based security training.

Audit and Accountability: Controls that ensure security-relevant events are logged, monitored, and reviewed so that actions can be traced to individual users. Examples include audit logging, audit reduction, and audit storage capacity.

Configuration Management: Controls that ensure system configurations are defined, managed, and monitored to prevent unauthorized changes. Examples include configuration management planning, configuration settings, and baseline configuration.

Identification and Authentication: Controls that ensure users are identified and their identities verified before they are granted access to CUI. Examples include password management, biometric authentication, and multifactor authentication.

Incident Response: Controls that ensure security incidents are detected, reported, and handled in a timely and effective manner. Examples include incident response planning, incident response testing, and incident response training.

Maintenance: Controls that ensure systems are maintained and kept up to date to prevent security vulnerabilities. Examples include patch management, system backups, and software updates.

Media Protection: Controls that ensure CUI is protected when stored on removable media or transmitted electronically. Examples include media sanitization, media access, and media storage.

Personnel Security: Controls that ensure personnel are trustworthy and authorized before they are given access to CUI, and that access is removed when it is no longer appropriate. Examples include personnel screening, background checks, and termination procedures.

Physical Protection: Controls that ensure physical access to systems and facilities holding CUI is restricted and monitored. Examples include physical access controls, visitor control, and emergency power.

Risk Assessment: Controls that ensure risks to CUI are identified, evaluated, and mitigated. Examples include risk assessments, risk management strategies, and risk monitoring.

Security Assessment: Controls that ensure the security controls themselves are assessed and tested to confirm they are effective. Examples include security assessments, vulnerability assessments, and penetration testing.

System and Communications Protection: Controls that ensure systems and the communications between them are protected from security threats. Examples include boundary protection, system security, and communication protection.

System and Information Integrity: Controls that ensure systems and the CUI they hold are protected from unauthorized access or modification, and that flaws and malicious code are detected and corrected. Examples include malware protection, system monitoring, and system recovery.

https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final