NIST 800-171 Regulatory Compliance

Get help with your NIST 800-171 compliance audits.

NIST 800-171 is a codification of the requirements that any non-Federal computer system must follow in order to store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such systems.

Visual Click Software's products can help keep your organization in compliance with these NIST 800-171 regulations.

Free Trial Request a Demo Request a Quote

NIST 800-171. “3.3 - AUDIT AND ACCOUNTABILITY ”

3.3.1 Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity.

CPTRAX

Audit Logs and Reporting for:
  • Changes to File System Permissions
  • Access to Files and Folders
  • Files and Folders Created/Deleted/Changed
  • Changes to Active Directory
  • Changes to Group Policy Objects
  • Workstation copies of files to USB
  • Workstation uploads via web browser

DSRAZOR

Manage:
  • Active Directory Object permissions
  • Remove Active Directory Trustees
  • File System Permissions
  • Users - Delete/disable/change
  • Groups - Delete/change

3.3.2 Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.

CPTRAX

Audit Logs and Reporting for:
  • Changes to File System Permissions
  • Access to Files and Folders
  • Files and Folders Created/Deleted/Changed
  • Changes to Active Directory
  • Changes to Group Policy Objects
Track:
  • Logons per Workstation Name
  • Logons per IP Address
  • Failed Logon Attempts due to Invalid Account Name
  • Failed Logon Attempts due to Bad Password
  • Pattern alerting can be enabled to track the number of events in a time interval (e.g., 20 or more files deleted in less than 3 seconds will trigger an alert that can be automatically sent by email)

DSRAZOR

Manage:
  • Active Directory Object permissions
  • Remove Active Directory Trustees
  • File System Permissions
  • Users - Delete/disable/change
  • Groups - Delete/change

3.3.3 Review and update audited events.

CPTRAX

Audit Logs and Reporting for:
  • Helps Administrators access historical audited events.

3.3.5 Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.

CPTRAX

Audit Logs and Reporting for:
  • Log data can be sent to SQL.
  • Alerts can be sent to a Syslog server.

3.3.6 Provide audit reduction and report generation to support on-demand analysis and reporting.

CPTRAX

Audit:
  • Reports can be exported in different formats (CSV, TXT, HTML and HTML Sortable)
  • Reports can be viewed on the console or web-based reporter.
  • Logs can be stored in SQL and accessed in different ways. (e.g., in-house developed web-based application, queries, etc.)
  • Alerts can be sent to a syslog server.
  • Reports can be scheduled and sent via email

DSRAZOR

Create:
  • Reports can be exported in different formats (CSV, TXT, HTML and HTML Sortable)
  • Applets can be configured to create a file report and can be scheduled for ongoing email delivery of reports.
  • DSRAZORs File System Permission Reporter can document file permissions.

3.3.8 Protect audit information and audit tools from unauthorized access, modification and deletion.

CPTRAX

Protect:
  • CPTRAX requires administrator privileges to manage.
  • By Using the auto-archive capability logs can be moved to a safe location to prevent unauthorized access, modification and deletion. Elevated privileges are required to access the logs from the console.
  • Log data can be stored in SQL and encrypted data files for redundancy.

3.3.9 Limit management of audit functionality to a subset of privileged users.

CPTRAX

Limit Management:
  • CPTRAX requires administrator privileges to manage.

DSRAZOR

Manage:
  • Limit ability to create/delete/modify user accounts.
  • Create executable files from applets and allow only privileged users to use them. (Zero Privilege Client).

NIST 800-171. “3.5 - IDENTIFICATION AND AUTHENTICATION”

3.5.1 Identify information system users, processes acting on behalf of users, or devices.

CPTRAX

Audit Logs and Reporting:
  • CPTRAX activity logs will show the identity, originating IP and workstation name. Also, will identify what process was used by a user or service account for the recorded activity.

NIST 800-171. “3.6 - INCIDENT RESPONSE”

3.6.2 Track, document, and report incidents to appropriate organizational officials and/or authorities.

CPTRAX

Track and Alert:
  • CPTRAX can be configured to track and alert on suspicious behavior. By using Pattern Alerting, mass deletions, mass renames, files copied to removable drives, mass permission changes, changes to Active Directory objects and Group Policy Object changes can be tracked and set to send alerts.
  • Alerts can be sent to Syslog for further notification.

NIST 800-171. “3.8 MEDIA PROTECTION”

3.8.7 Control the use of removable media on system components.

CPTRAX

Track and Monitor:
  • Track removable devices when plugged in or visible at startup (USB drives, phones, external hard drives, etc.).
  • Block copying files to removable drives and/or exclude privileged users from blocking.
  • Track when data is copied from local or network to removable drives and/or send alerts.

ADDITIONAL NOTES

CPTRAX

Features:
  • Can be configured to track specific shares and/or folders containing Controlled Unclassified Information (CUI).
  • Alerts can be set to track users deleting files in mass, mass permissions changes, mass file renames, etc.
  • Can help identify crypto virus attacks by configuring pattern alerting for ransomware behavior.
  • For each pattern alert, a PowerShell script can be called that can contain the threat. An IP can be added to the firewall, a user can be disabled, etc. Learn More

DSRAZOR

Features:
  • Active Directory permissions can be documented.
  • File/Folder permissions can be documented.
  • Produces easy to read file permission reports for auditors.
  • Provides point in time reports and provides the capability of managing.
  • By using the Zero-Privilege client, EXEs can be created to allow only certain users to make changes to Active Directory or File management.
  • EXEs can be modified to allow those users to change only certain attributes or objects.

Get a free trial of our tools today!

Our products include 1 YEAR of our world class support!

Unlimited Training

We'll make sure you can take advantage of everything our products have to offer.

Unlimited Support

Our rapid-response support team can assist with any questions you may have.

Custom Applet Design

Need more? Just ask! We'll create a custom solution that fits your needs.