NIST SP 800-171 defines the security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) when it is processed, stored, or transmitted by nonfederal information systems and organizations. The control families covered by the Aqua CSPM compliance program are listed below.


| Control | Description |
|---|---|
| 3.1 Access Control | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). Limit system access to the types of transactions and functions that authorized users are permitted to execute. |
| 3.3 Audit and Accountability | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. |
| 3.4 Configuration Management | Establish and enforce security configuration settings for information technology products employed in organizational systems. |
| 3.5 Identification and Authentication | Identify system users, processes acting on behalf of users, and devices. Authenticate (or verify) the identities of users, processes, or devices as a prerequisite to allowing access to organizational systems. |
| 3.6 Incident Response | Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. |
| 3.8 Media Protection | Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital. Limit access to CUI on system media to authorized users. Sanitize or destroy system media containing CUI before disposal or release for reuse. |
| 3.9 Personnel Security | Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers. |
| 3.11 Risk Assessment | Periodically assess the risk to organizational operations, organizational assets, and individuals resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems are identified. Remediate vulnerabilities in accordance with risk assessments. |
| 3.12 Security Assessment | Periodically assess the security controls in organizational systems to determine whether the controls are effective in their application. Develop and implement plans of action to correct deficiencies and to reduce or eliminate vulnerabilities in organizational systems. |
| 3.13 System and Communications Protection | Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. |
| 3.14 System and Information Integrity | Identify, report, and correct system flaws in a timely manner. Monitor system security alerts and advisories and take action in response. |



To view the available compliance programs, open Compliance in your Aqua CSPM console and select Defaults or Custom to filter the programs displayed. Use the Expand Settings toggle to show the control details for a program.