NIST 800-171 3.4 - Configuration Management

The National Institute of Standards and Technology (NIST) Special Publication 800-171 Audit reports provide documentation and compliance artifacts that help you demonstrate compliance with the requirements outlined by NIST 800-171.

The NIST 800-171 3.4 - Configuration Management report provides links to the exposures and endpoint protection features in the Alert Logic console that help demonstrate compliance with NIST 800-171 Derived security requirements 3.4.7 and 3.4.8.

To access the NIST 800-171 3.4 - Configuration Management report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under NIST 800 171 Audit, click VIEW.
  4. Click NIST 800-171 3.4 - Configuration Management.

The report summary page displays two columns. The Derived Security Requirements column lists specific requirements from the NIST 800-171 family for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. The Available Documentation and Artifacts column describes, and links to, the documentation and compliance artifacts that this report can generate to meet each requirement.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Derived Security Requirement 3.4.7

Derived Security Requirement 3.4.7 requires you to restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

This section provides a link to the Exposures page, where you can access security remediations and exposures related to reconfiguring, uninstalling, or updating services and protocols in your environment. For more information about Exposures, see Exposures.

Derived Security Requirement 3.4.8

Derived Security Requirement 3.4.8 requires you to apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.

This section provides a link to the Endpoints tab of the Extended Endpoint Protection page, where you can access endpoint protection configuration. For more information, see Manage Endpoints.

This section also provides a link to the Events tab of the Extended Endpoint Protection page, which provides access to endpoint protection events. Use these events to review malware attacks in your environment and the actions taken in response: quarantining or overriding malicious files, or isolating vulnerable endpoints. For more information, see Investigate an Extended Endpoint Protection Event.