The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The fourteenth of the 14 Families of Requirements for NIST 800-171 compliance is system and information integrity.
What is System and Information Integrity in Terms of NIST 800-171?
The System and Information Integrity family of requirements establishes processes for identifying, reporting, and correcting system flaws. A business is required to identify, report, and remediate system errors in a timely manner, through the use of endpoint, detection and response (EDR) measures, network filtering, and intrusion detection and prevention systems (IDS/IPS). Through periodic scanning, the business must maintain the integrity of the file system and ensure cyber protection through the use of up-to-date detection, prevention, EDR software and countermeasures. Examples of cybersecurity tools that will help address this guideline are an enterprise-grade firewall, web filtering, IDS/IPS, and antivirus and endpoint security. System and information integrity consists of 3 Basic Security requirements and 4 Derived Security requirements.
Basic Security Requirements
- 3.14.1 Identify, report, and correct system flaws in a timely manner.
- 3.14.2 Provide protection from malicious code at designated locations within organizational systems
- 3.14.3 Monitor system security alerts and advisories and take action in response
Derived Security Requirements
- 3.14.4 Update malicious code protection mechanisms when new releases are available.
- 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
- 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
- 3.14.7 Identify unauthorized use of organizational systems.
To learn more about NIST SP 800-171 Compliance please visit NIST.SP.800-171r2.pdf and be sure to review the assessment guide:SP 800-171A, Assessing Security Requirements for CUI | CSRC.
NeQter Labs can assist you with building the foundation for your cyber security and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS-7012/NIST 800-171/CMMC compliance project. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs. Contact us here.