NIST 800-171 ensures that sensitive federal information(controlled unclassified information) remains confidential when stored in nonfederal information systems and organizations.
|3.1 Access Control||Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). Limit system access to the types of transactions and functions that authorized users are permitted to execute.|
|3.3 Audit and Accountability||Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.|
|3.4 Configuration Management||Establish and enforce security configuration settings for information technology products employed in organizational systems.|
|3.5 Identification and Authentication||Identify system users, processes acting on behalf of users, and devices. Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.|
|3.6 Incident Response||Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.|
|3.8 Media Protection||Protect (i.e. securely store) system media information, both paper and digital. Limit access to information on system media to authorized users. Sanitize or destroy system media containing information before disposal or release for reuse.|
|3.9 Personnel Security||Ensure that organizational systems containing controlled unclassified information are protected during and after personnel actions such as terminations and transfers.|
|3.11 Risk Assessment||A systematic process of identifying hazards and evaluating any associated risks within a workplace, then implementing reasonable control measures to remove or reduce them. Remediate vulnerabilities in accordance with risk assessments.|
|3.12 Security Assessment||Implement controls that evaluate management, operational, technical, and privacy controls to ensure they are implemented properly and operating effectively.|
|3.13 System and Communications Protection||Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.|
|3.14 System and Information Integrity||Identify, report, and correct system flaws in a timely manner. Monitor system security alerts and advisories and take action in response.|
To View the Compliance Programs available visit Compliance in your Aqua CSPM Console, and select Defaults or Custom to filter the programs displayed, you can also expand the program control details using the Expand Settings toggle.