NIST 800-171 Checklist

NIST 800-171 Simplified Checklist

Access Control – Logins, Remote Access, Monitoring

Awareness and Training – Ensure managers and team members of the organization are aware of the security risks associated with their activities and are trained accordingly.

Audit and Accountability – Create, protect and retain system audit records, enabling the monitoring, analysis, investigation and reporting of unlawful, unauthorized or inappropriate system activity.

Configuration Management – Establish and enforce security configuration settings for all information technology systems. Maintain an inventory of the organization's hardware. Always analyze the security impact of changes before they are implemented.

Identification and Authentication – Identify system users and processes, authenticate the identities of those users, enforce password complexity, and store and transmit only cryptographically protected passwords.
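The two password requirements in this item (complexity enforcement, and storing only cryptographically protected passwords) are the ones most often implemented incorrectly. The following is an added example, not part of the checklist or of NIST's own material: it enforces a simple complexity policy (the minimum length, three-of-four character classes and the small denylist are assumptions for illustration), stores passwords as salted PBKDF2-HMAC-SHA256 derived keys, and verifies them with a constant-time comparison. The `COMMON_PASSWORDS` set and the storage format `pbkdf2_sha256$iterations$salt$hash` are constructed for this example.

```python
import hashlib
import hmac
import os
import string

# Constructed sample denylist for this example; a real deployment would load
# a much larger list of known-breached passwords.
COMMON_PASSWORDS = {"password", "password123", "letmein", "qwerty123456"}


def meets_complexity(password: str, min_length: int = 12) -> bool:
    """Return True if the password satisfies the example complexity policy.

    Policy (an assumption for this example, not a NIST requirement):
    at least `min_length` characters, at least three of the four character
    classes (lower, upper, digit, punctuation), and not on the denylist.
    """
    if len(password) < min_length:
        return False
    if password.lower() in COMMON_PASSWORDS:
        return False
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(classes) >= 3


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 key and encode it for storage.

    The stored string contains only the algorithm label, iteration count,
    random salt and derived key; the plaintext password is never stored.
    """
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored parameters and compare it.

    hmac.compare_digest is used so that the comparison time does not depend
    on how many leading bytes of the guess happen to match.
    """
    try:
        algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: reject rather than raise
    if algorithm != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    candidate = "Correct-Horse-9Battery"  # constructed sample password
    if meets_complexity(candidate):
        record = hash_password(candidate)
        print("stored record:", record)
        print("verify correct:", verify_password(candidate, record))
        print("verify wrong:  ", verify_password("Correct-Horse-9Batteri", record))
```

PBKDF2-HMAC-SHA256 is the password-based KDF described in NIST SP 800-132; for a system that must use FIPS-validated cryptography, the underlying hash implementation has to come from a validated module, which the checklist's "System and Communication Protection" item covers. The iteration count is a tunable cost parameter and should be raised as hardware gets faster.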

Incident Response – Establish an incident-handling capability for organizational systems that covers adequate preparation, detection, analysis, containment, recovery, and user response. Test that capability.

Maintenance – Perform and control maintenance of organizational systems.

Media Protection – Control access to system media and destroy it when no longer needed.

Personnel Security – Security of individuals (screening and handling of personnel changes).

Physical Security – Limit physical access to the organization's systems and equipment.

Risk Assessment – Periodically assess the risk to organizational operations, assets and individuals. Scan for vulnerabilities in the OS and applications.

Security Assessment – Develop and implement plans of action designed to correct deficiencies. Monitor security controls on an ongoing basis and assess the security controls.

System and Communication Protection – Monitor, control and protect communications using firewalls and FIPS-validated cryptography. Manage cryptographic keys through a key management system. Apply sound architectural designs, software development techniques (such as OWASP guidance) and engineering principles.

System and Information Integrity – Monitor systems and security alerts, perform periodic scans of organizational systems, and perform real-time scans of files from external sources as they are downloaded, opened or executed.