About NIST.SP.800-171

NIST Special Publication 800-171 provides guidelines to protect controlled unclassified information in nonfederal information systems and organizations.

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. The Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in information systems security and its collaborative activities with industry, government, and academic organizations.

The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations. The NIST.SP.800-171 publication provides federal agencies with recommended requirements for protecting the confidentiality of CUI.

Various government agencies refer to NIST.SP.800-171 when describing security requirements for non-government partners and subcontractors. For example, as of December 2015, the Defense Federal Acquisition Regulation Supplement (DFARS 225.204-7012) requires contractors to implement NIST Special Publication (SP) 800-171 standards “as soon as practical, but not later than December 31, 2017.”

About Xton Access Manager

Xton Access Manager (XTAM) is an agentless, cross-platform privileged access management solution with an unlimited licensing model, built from the ground up with an enterprise feature set. It is simple to implement, without the typical enterprise cost and effort.

A privileged account is a non-individual, often shared, user account frequently used by machines or by administrators to perform maintenance activities. Examples of such accounts include:

  • Accounts used by machines to communicate with each other;
  • Accounts shared by groups of people (external billing, corporate representatives);
  • Accounts for Database Administrators, database schema, application pool owners, global administrators;
  • Local computer accounts (root, administrator, tomcat, jenkins, jira);
  • Built-in IoT accounts (sensors, printers, routers, coffee machines, cameras, beacons).

XTAM provides out-of-the-box features to discover, manage, access and monitor privileged accounts:

  • A secure AES-256 encrypted Identity Vault to maintain total administrative control over all your passwords, certificates, keys, files, secrets and privileged accounts.
  • Privileged Session Recording to ensure all sessions are retained and can be used for diagnosis or forensic investigations.
  • Integrated Job and Policy Engine to automate Password Resets, Privileged Account Discovery and repetitive tasks.
  • Full system event and user Audit Trails that can trigger notifications and in-application alerts.

Recommended XTAM Workflow

XTAM supports multiple use cases and can be used as part of several security and productivity enhancement workflows. To help organizations comply with NIST.SP.800-171 requirements, we recommend the following workflow.

Step: Description

Discover: Discover privileged accounts in the network using XTAM discovery facilities.

Import: Import privileged accounts to the XTAM vault from the discovery process or from other sources using the import facilities. Enter undiscovered privileged accounts into the XTAM vault.

Manage:
  • Define a password rotation policy for imported or entered privileged accounts describing when and how the passwords should be rotated for groups of accounts or individual accounts.
  • Grant and revoke access to privileged account records or groups of records in the XTAM vault for the organization's users and groups.
  • Use Microsoft Active Directory, an LDAP-based user directory or the local XTAM user directory as the directory of the organization's users and groups.

Rotate:
  • Let the XTAM engine change passwords for managed accounts. Alternatively, change privileged account passwords manually and update the XTAM vault.
  • After this step all privileged account activities will be performed using the XTAM instance because the actual password would be unknown to all users.

Unlock: Authorize XTAM users to unlock passwords or certificates in the XTAM vault when needed.

Access: Authorize XTAM users to connect to managed privileged accounts without disclosing credentials when needed using the XTAM session manager.

Execute: Authorize XTAM users to execute privileged commands and scripts on managed information systems without disclosing credentials when needed using the XTAM job engine.

Monitor: Use XTAM notification facilities, audit log, history, job execution history and session history reports to monitor system activity. Stream system logs to your organization’s SIEM system for global analysis.

Mapping XTAM Functions to the Guideline Requirements

To see how Xton Access Manager maps to the NIST 800-171 standard, please download our PDF report.
 
 

Copyright © 2018 Xton Technologies, LLC. All rights reserved.