The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The fourteenth of the 14 Families of Requirements for NIST 800-171 compliance is system and information integrity.
What is System and Information Integrity in Terms of NIST 800-171?
The System and Information Integrity family of requirements establishes processes for identifying, reporting, and correcting system flaws. A business is required to identify, report, and remediate system errors in a timely manner, through the use of endpoint, detection and response (EDR) measures, network filtering, and intrusion detection and prevention systems (IDS/IPS). Through periodic scanning, the business must maintain the integrity of the file system and ensure cyber protection through the use of up-to-date detection, prevention, EDR software and countermeasures. Examples of cybersecurity tools that will help address this guideline are an enterprise-grade firewall, web filtering, IDS/IPS, and antivirus and endpoint security. System and information integrity consists of 3 Basic Security requirements and 4 Derived Security requirements.
Basic Security Requirements
- 3.14.1 Identify, report, and correct system flaws in a timely manner.
- 3.14.2 Provide protection from malicious code at designated locations within organizational systems
- 3.14.3 Monitor system security alerts and advisories and take action in response
Derived Security Requirements
- 3.14.4 Update malicious code protection mechanisms when new releases are available.
- 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
- 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
- 3.14.7 Identify unauthorized use of organizational systems.
To learn more about NIST SP 800-171 Compliance please visit NIST.SP.800-171r2.pdf and be sure to review the assessment guide:SP 800-171A, Assessing Security Requirements for CUI | CSRC.
NeQter Labs can assist you with building the foundation for your cyber security and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS-7012/NIST 800-171/CMMC compliance project. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs. Contact us here.
Keep up with our latest content by following NeQter Labs on Twitter, Facebook, LinkedIn, and Youtube.