Routing remote access through managed access control points enhances explicit, organizational control over such connections, reducing the susceptibility to unauthorized access to organizational systems resulting in the unauthorized disclosure of CUI.
What is 3.1.2 system access?
3.1.2: Limit system access to the types of transactions and functions that authorized users are permitted to execute
What is the purpose of establishing configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices?
Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas; and Authorize the connection of mobile devices to organizational systems.
What are policies and procedures?
Policies and procedures shall be established, and supporting business processes and technical measures implemented, to manage business risks associated with permitting mobile device access to corporate resources and may require the implementation of higher assurance compensating controls and acceptable-use policies and procedures (e.g., mandated security training, stronger identity, entitlement and access controls, and device monitoring).
What is the termination of a network connection?
Terminating network connections associated with communications sessions includes de-allocating associated TCP/IP address or port pairs at the operating system level, or de-allocating networking assignments at the application level if multiple application sessions are using a single, operating system-level network connection. Time periods of user inactivity may be…
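An added example (not text from any NIST publication or any product) of the termination behaviour described above: a server-side session table records the last activity on each session and, when a session exceeds the inactivity period, shuts down and closes its socket so the OS-level connection is released, logging the closure. The 600-second cutoff, the session ids, the user names and the socketpair connections are constructed for the demonstration; a real deployment would take the period from policy and accept connections from a listener.

```python
import socket
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    conn: socket.socket   # the OS-level connection (address/port pair) backing this session
    last_activity: float  # clock reading at the last message seen on the session


class IdleSessionTable:
    """Server-side table of live sessions with an inactivity cutoff.

    reap() terminates every session idle longer than idle_limit_s by shutting
    down and closing its socket, which releases the address/port pair at the
    operating-system level, and records the closure. The clock is injectable so
    the idle period can be simulated without sleeping.
    """

    def __init__(self, idle_limit_s: float, clock=time.monotonic):
        self.idle_limit_s = idle_limit_s
        self.clock = clock
        self.sessions: dict[int, Session] = {}
        self.audit_log: list[str] = []  # constructed in-memory stand-in for a real audit sink

    def open(self, sid: int, user: str, conn: socket.socket) -> None:
        self.sessions[sid] = Session(user, conn, self.clock())

    def activity(self, sid: int) -> None:
        """Record traffic on a session; this resets its inactivity timer."""
        self.sessions[sid].last_activity = self.clock()

    def idle_seconds(self, sid: int) -> float:
        return self.clock() - self.sessions[sid].last_activity

    def reap(self) -> list[int]:
        """Terminate all sessions idle longer than the limit; return their ids."""
        now = self.clock()
        expired = [sid for sid, s in self.sessions.items()
                   if now - s.last_activity > self.idle_limit_s]
        for sid in expired:
            s = self.sessions.pop(sid)
            try:
                s.conn.shutdown(socket.SHUT_RDWR)  # tell the peer the session is over
            except OSError:
                pass                               # peer may already be gone
            s.conn.close()                         # release the descriptor and port pair
            self.audit_log.append(
                f"session {sid} user={s.user} terminated: idle > {self.idle_limit_s}s")
        return expired


class ManualClock:
    """Constructed clock so idle time can be advanced deterministically."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def demo() -> dict:
    """Two sessions: one keeps sending traffic, the other goes quiet and is reaped."""
    clock = ManualClock()
    table = IdleSessionTable(idle_limit_s=600, clock=clock)  # assumed 10-minute policy value

    srv_a, client_a = socket.socketpair()  # constructed stand-ins for accepted connections
    srv_b, client_b = socket.socketpair()
    table.open(1, "alice", srv_a)
    table.open(2, "bob", srv_b)

    for _ in range(3):                 # alice sends something every 5 minutes
        clock.advance(300)
        client_a.sendall(b"keepalive")
        srv_a.recv(64)
        table.activity(1)
    # 15 minutes have passed: bob has been silent throughout, alice was active just now
    reaped = table.reap()

    # bob's client observes the orderly shutdown as EOF (recv returns b"")
    client_b.settimeout(1)
    peer_view = client_b.recv(16)
    for s in (client_a, client_b, srv_a):
        s.close()
    return {
        "reaped": reaped,
        "still_open": sorted(table.sessions),
        "peer_saw_eof": peer_view == b"",
        "log": table.audit_log,
    }


if __name__ == "__main__":
    print(demo())
```

The inactivity timer is reset only by `activity()`, so the table should be fed from the same place the server reads application messages; counting bare TCP keepalives as activity would defeat the timeout.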
What is privileged command?
A privileged command is a human-initiated (interactively or via a process operating on behalf of the human) command executed on a system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information. Security-relevant information is any information within the system that can potentially impact the operation of security…
What is the role of an organization in a mobile device?
The organization: Establishes usage restrictions, configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices; and Authorizes the connection of mobile devices to organizational information systems.
End of life for IE11
Microsoft is planning to end support for IE11 ( https://www.bleepingcomputer.com/news/microsoft/microsoft-to-retire-internet-explorer-on-some-windows-10-versions/ ). Since IE11 seems to be the standard browser within the government and particularly the DoD.
Not even sure if a NIST 800-171 score is required for my company
I work for a small business that sells COTS items but also supplies said products to government contractors.
Appropriate way to fill out SSP information on controls?
I have to fill out an SSP for a class. It's a fictional company, but I'm not exactly sure what all we have to answer. Do you have to fill each blank?
Guidance for a small business doing a NIST SP 800-171 self-assessment
We are a small business with fewer than 100 employees and do some work with the government. We have been asked to complete a NIST SP 800-171 Assessment at the 'Basic (Contractor Self-Assessment)' level as well as a System Security Plan before we can renew our contract.
Free NIST 800-53 and SOC 2 Compliance Audit Prep Tool
Hi all, my company recently launched a free version of their audit prep software. There is a two-week free trial with full functionality available for all frameworks, including NIST 800-53, and SOC 2 is now free to all with no restrictions. Wanted to share in case any of y'all are interested in using this with clients or for an upcoming audit.