
NIST 800-171 | SYSTEM AND INFORMATION INTEGRITY



System integrity and information integrity controls and requirements are designed to ensure that federal systems and information are accurate and can be validated.

The integrity of information is critical. It is primarily managed by controlling all traffic coming into the system, controlling the applications and software that are installed, and frequently checking the entire system to ensure nothing unapproved has changed. Examples of these types of controls are checksums, hash comparisons of downloaded files, file integrity monitoring (FIM), and scanning for viruses. These are the basic provisions.

Family Name: System and Information Integrity


3.14.1 Identify, report, and correct information and information system flaws in a timely manner.


Organizations identify systems that are affected by announced software and firmware flaws including potential vulnerabilities resulting from those flaws and report this information to designated personnel with information security responsibilities.

Security-relevant updates include:

  • Patches

  • Service Packs

  • Hot fixes

  • Anti-virus signatures

Organizations also address flaws discovered during:

  • Security assessments

  • Continuous monitoring

  • Incident response activities

  • System error handling

Organizations can take advantage of available resources such as the Common Weakness Enumeration (CWE) or Common Vulnerabilities and Exposures (CVE) databases in remediating flaws discovered in organizational systems.


NIST Special Publication 800-40 provides guidance on patch management technologies.

3.14.2 Provide protection from malicious code at appropriate locations within organizational information systems.


Appropriate locations include system entry and exit points:

  • Firewalls

  • Remote-access servers

  • Workstations

  • Electronic mail servers

  • Web servers

  • Proxy servers

  • Notebook computers

  • Mobile devices

Malicious code includes:

  • Viruses

  • Worms

  • Trojan horses

  • Spyware

A variety of technologies and methods exist to limit or eliminate the effects of malicious code:

  • Secure coding practices

  • Configuration management and control

  • Trusted procurement processes

  • Monitoring practices to help ensure that software performs its intended purpose and nothing more

NIST Special Publication 800-83 provides guidance on malware incident prevention.

3.14.3 Monitor information system security alerts and advisories and take appropriate actions in response.


The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government and in nonfederal organizations.


Software vendors, subscription services, and relevant industry information sharing and analysis centers (ISACs) may also provide security alerts and advisories.

Security directives are issued by designated organizations with the responsibility and authority to issue such directives.

3.14.4 Update malicious code protection mechanisms when new releases are available.


Malicious code protection mechanisms cannot always detect such code.

3.14.5 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.


See discussion for 3.14.2

3.14.6 Monitor the information system, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.


External monitoring includes the observation of events occurring at the system boundary:

  • Part of perimeter defense

  • Boundary protection

Internal monitoring includes the observation of events occurring within the system.


Organizations can monitor systems by observing audit record activities in real time or by observing other system aspects.


System monitoring capability is achieved through a variety of tools and techniques:

  • Intrusion detection systems

  • Intrusion prevention systems

  • Malicious code protection software

  • Scanning tools

  • Audit record monitoring software

  • Network monitoring software

System monitoring is an integral part of continuous monitoring and incident response programs.

Unusual or unauthorized activities or conditions related to inbound and outbound communications traffic include:

  • Internal traffic that indicates the presence of malicious code in systems

  • Unauthorized exporting of information

  • Signaling to external systems

Evidence of malicious code is used to identify potentially compromised systems or system components.


NIST Special Publication 800-94 provides guidance on intrusion detection and prevention systems.

3.14.7 Identify unauthorized use of the information system.


See discussion for 3.14.6

NIST 800-171 Mappings:

  • FAR Clause 52.204-21 b.1.xii

  • NIST SP 800-171 Rev 1 3.14.1

  • NIST CSF v1.1 RS.CO-2, RS.MI-3

  • CERT RMM v1.2 VAR:SG2.SP2

  • NIST SP 800-53 Rev 4 SI-2

  • UK NCSC Cyber Essentials

  • AU ACSC Essential Eight



Ignyte © 2020 All Rights Reserved.