NIST 800-171 3.14 - System and Information Integrity

The National Institute of Standards and Technology (NIST) Special Publication 800-171 Audit reports provide documentation and compliance artifacts that help you demonstrate compliance with the requirements outlined by NIST 800-171.

The NIST 800-171 3.14 - System and Information Integrity report provides links to endpoint protection, web application protection, and log search features in the Alert Logic console that help demonstrate compliance with the following NIST 800-171 requirements:

  • Basic Security Requirements 3.14.1 and 3.14.2
  • Derived Security Requirements 3.14.4 through 3.14.7

To access the NIST 800-171 3.14 - System and Information Integrity report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under NIST 800 171 Audit, click VIEW.
  4. Click NIST 800-171 3.14 - System and Information Integrity.

The report summary page displays two columns. Basic Security Requirements and Derived Security Requirements list specific requirements from the NIST 800-171 family for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. Available Documentation and Artifacts describes and contains links to the documentation and compliance artifacts that this report can generate to meet each requirement.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Basic Security Requirement 3.14.1

Basic Security Requirement 3.14.1 requires organizations to identify, report, and correct system flaws in a timely manner.

This section provides links to the Notifications page in the Alert Logic console, where you can access alert notifications for health and security issues. For more information, see Notifications.

Basic Security Requirement 3.14.2

Basic Security Requirement 3.14.2 requires organizations to provide protection from malicious code at designated locations within organizational systems.

This section provides a link to the Endpoints tab of the Extended Endpoint Protection page, where you can access endpoint protection configuration. For more information, see Manage Endpoints.

This section also provides a link to the Events tab of the Extended Endpoint Protection page, where you can review endpoint protection events for malware attacks in your environment and the response actions taken to quarantine and override malicious files or isolate vulnerable endpoints. For more information, see Investigate an Extended Endpoint Protection Event.

Derived Security Requirement 3.14.4

Derived Security Requirement 3.14.4 requires organizations to update malicious code protection mechanisms when new releases are available.

This section provides a link to the Summary tab of the Extended Endpoint Protection page, where you can view the configuration summary for endpoints running the latest version. For more information about the Extended Endpoint Protection page, see About Alert Logic Extended Endpoint Protection.

Derived Security Requirement 3.14.5

Derived Security Requirement 3.14.5 requires organizations to perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.

This section provides a link to the Endpoints tab of the Extended Endpoint Protection page, where you can access the endpoint protection configuration. For more information, see Manage Endpoints.

This section also provides a link to the Events tab of the Extended Endpoint Protection page, where you can review endpoint protection events for malware attacks in your environment and the response actions taken to quarantine and override malicious files or isolate vulnerable endpoints. For more information, see Investigate an Extended Endpoint Protection Event.

Derived Security Requirement 3.14.6

Derived Security Requirement 3.14.6 requires organizations to monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

This section provides links to the Dashboards page in the Alert Logic console, where you can access web and firewall analytics dashboards that help identify anomalies or patterns with inbound and outbound connections across your environments. For more information, see Dashboards.

Derived Security Requirement 3.14.7

Derived Security Requirement 3.14.7 requires organizations to identify unauthorized use of organizational systems.

This section provides links to access the log searches in the Alert Logic console, where a prepopulated query will search logs for messages containing "Login failed", "Login Failure", or "Login Denied". For more information about searching log messages, see Get Started with Search.