Similar to NIST 800-53, NIST 800-171 was developed by the National Institute of Standards and Technology (NIST). NIST is responsible for developing information security standards and guidelines, including minimum requirements for contractors that interact with federal systems/networks. Although FISMA only mandates that federal organizations abide by the standards and guidelines outlined in NIST 800-171, many organizations in the private and non-federal public sectors opt to follow NIST 800-171 guidelines in order to meet the requirements for interacting with federal systems/networks.
Link to NIST 800-171 documentation: https://doi.org/10.6028/NIST.SP.800-171r2
Link to download NIST 800-171 content pack: https://cortex.marketplace.pan.dev/marketplace/details/XSIAMCompliance_NIST_800_171/
NIST 800-171 | Widget Name | Description |
---|---|---|
NIST 800-171 Section 3.1: Access Control | Access Control | Implement policies and procedures to monitor access to systems. Use this widget to query login events. |
NIST 800-171 Section 3.3: Audit and Accountability | Audit Controls | Implement policies and procedures to monitor, record, and review system activities. Use this widget to query Active Directory information. |
NIST 800-171 Section 3.4: Configuration Management | Policy/Config Management | Implement policies and procedures to monitor and maintain secure configurations. Use this widget to query host application versions. |
NIST 800-171 Section 3.5: Identification and Authentication | Identify | Implement policies and procedures to monitor the identity of users, devices, and processes. Use this widget to query targeted clients. |
NIST 800-171 Section 3.6: Incident Response | Threat Protection/Incident Response | Implement policies and procedures to detect, respond to, and recover from security incidents. Use this widget to query incidents. |
NIST 800-171 Section 3.7: Maintenance | Maintenance | Implement policies and procedures to establish processes and controls for ongoing maintenance. Use this widget to query endpoint information. |
NIST 800-171 Section 3.9: Personnel Security | Personnel Security | Implement policies and procedures to limit access to sensitive data. Use this widget to query USB information. |
NIST 800-171 Section 3.10: Physical Protection | Physical Protections | Implement policies and procedures to protect physical assets and facilities. Use this widget to query hosts with USB plug-in events. |
NIST 800-171 Section 3.11: Risk Assessment | Risk Assessment | Implement policies and procedures to identify, assess, and mitigate risks to data. Use this widget to query browser versions. |
NIST 800-171 Section 3.12: Security Assessment | Continuous Monitoring | Implement policies and procedures to assess, authorize, and monitor systems. Use this widget to query RDP and SMB access. |
NIST 800-171 Section 3.13: Systems and Communications Protection | Transmission/Network Security | Implement policies and procedures to protect and monitor communications channels. Use this widget to monitor top triggered network rules. |
NIST 800-171 Section 3.14: System and Information Integrity | System Management | Implement policies and procedures to ensure the integrity of systems and data. Use this widget to query endpoint upgrade status. |
V1 required data source(s): XDM
V2 required data source(s): xdr_data, host_inventory, endpoints, incidents, pan_ngfw_traffic_raw
Requirements
This compliance pack pulls information from Cortex XSIAM that has been ingested and mapped to the following data sources. For the dashboards and reports to function properly, these sources must have ingested data.