Federal DFARS and NIST 800-171 data security requirements
Federal agencies need not consider the practicality, cost, or feasibility of compliance with their requirements, but unless and until Congress or a new presidential administration acts, compliance is required, no matter the cost or effort. Automating compliance as much as possible tends to be the only way to make it economically practical and operationally feasible.
Thankfully, there are software tools to help with compliance. One example is Tenable's "SecurityCenter Continuous View":
https://www.tenable.com/blog/the-buck-stops-there-nist-sp-800-171
"SecurityCenter CV Audit and Monitoring Dashboard aligns with the Audit and Accountability (section 3.3) and System and Information Integrity (section 3.14) families in NIST SP 800-171. These families are closely related, requiring the monitoring, analysis, investigation and reporting of unlawful, unauthorized or inappropriate information system activity – including inbound and outbound communications traffic – to detect attacks and indicators of potential attacks. By using this dashboard, you can better correlate audit review, assessment and reporting processes for investigating and responding to indications of inappropriate, suspicious or unusual activity. You will also be able to monitor information system security alerts and advisories and take appropriate actions in response."
The software offers dashboards and "Assurance Report Cards" to help automate SP 800-171 control monitoring, assessment and communication, reducing compliance staff workload and the potential for expensive mistakes.
Microsoft's Azure and Office365/Microsoft365 cloud services offer versions which claim to comply with NIST 800-171, as discussed in this article:
https://learn.microsoft.com/en-us/compliance/regulatory/offering-nist-sp-800-171
Microsoft also promotes their own compliance tools for higher-tier O365/M365 customers for government work:
https://learn.microsoft.com/en-us/purview/compliance-manager-setup
There is already a gold rush of vendors offering compliance information, training, and automation. The following is one such information resource:
https://www.encomputers.com/2023/01/dfars-and-nist-800-171-ultimate-guide/