Educause Security Discussion mailing list archives

Re: endpoints in NIST 800-171


From: Jeff Murphy <jcmurphy () BUFFALO EDU>
Date: Mon, 5 Jun 2017 11:33:23 -0400

Off the top of my head (not exhaustive, see bottom):

EP:
  AV (app blacklisting) and/or app whitelisting
  Host FW'ing
  DLP
  Encryption

AC:
  No shared accounts
  Least privilege
  Log on warning banner
  Password grinding counter-measures
  Uniform/documented password complexity

Remote access:
  Go thru a VPN with 2FA

Local Admin:
  2FA required for console login
  User cannot have local admin, see 3.4.9

Log mgmt:
  Audit messages turned on and sent to remote server

See also the CSG template that is publicly available from EDUCAUSE:

https://library.educause.edu/resources/2016/4/an-introduction-to-nist-special-publication-800-171-for-higher-education-institutions

If you have already implemented another framework across your research
systems you can use that to map to 171.

Of course don't forget you also need to address incident identification and
response, training, disposal, compliance auditing, etc.

jeff


On Mon, Jun 5, 2017 at 10:50 AM, Steven W Andariese <Steve.Andariese () nau edu> wrote:

I too would be interested in any input regarding this situation.

Thanks,
Steve

Steve Andariese
Security Compliance
Information Technology Services
Northern Arizona University
Flagstaff, Arizona  86011

E-mail: Steve.Andariese () nau edu
Voice:  928 523-6631


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Penn, Blake C
Sent: Monday, June 5, 2017 6:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] endpoints in NIST 800-171

Does anyone have any tips, tricks, experiences with getting endpoints
compliant with the applicable NIST 800-171 requirements that you would be
willing to share?

Thanks,

Blake Penn
Information Security Policy and Compliance Manager
Georgia Institute of Technology

