August 02, 2019

NIST 800-171 3.1.1

Gregory Morawietz

Founder/Single Point of Contact

Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).

This control is about the system you use to authenticate users. That will most likely need to be a Windows-based domain; trying to meet the control with no domain, or with a Unix- or Linux-based authentication system, is going to be very hard to pull off. You will need Group Policy Objects and two-factor authentication for other controls later on, so having a Windows domain makes this a lot easier. A Windows domain is also simple to show as evidence that you limit access to files, folders, computers, servers and applications. Many software platforms tie into LDAP and Active Directory, which a Windows domain uses. So you will need a Windows domain with a hierarchy of users: those who will be able to access secure data and those who won't. This is accomplished through the security groups built into the domain platform. To pass this control, you will need to show that you have separation, groups and permission levels governing who can access what.
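One way to produce that evidence for a single folder, as an added example that is not from the original post: the script lists each allow entry on the folder's ACL, expands security groups to their members, and marks entries that undermine separation. The share path `\\fs01\CUI` and the output file name are hypothetical, and the script assumes a domain-joined host with the RSAT ActiveDirectory module.

```powershell
# Added example: access-evidence report for one folder of controlled data.
# Assumptions (hypothetical): share path \\fs01\CUI, output file name, and a
# domain-joined host with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

$Path  = '\\fs01\CUI'
$Broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

$report = foreach ($ace in (Get-Acl -Path $Path).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }

    $identity = $ace.IdentityReference.Value
    $name     = $identity.Split('\')[-1]      # strip the DOMAIN\ prefix
    $members  = @()

    if ($identity -in $Broad -or $name -eq 'Domain Users') {
        # Everyone in the domain (or wider) can reach the data.
        $finding = 'REVIEW: broad principal, no separation'
    }
    elseif (Get-ADGroup -Filter "SamAccountName -eq '$name'") {
        # Expected case: access flows through a domain security group.
        $finding = 'Security group'
        $members = Get-ADGroupMember -Identity $name -Recursive |
                   Sort-Object SamAccountName |
                   Select-Object -ExpandProperty SamAccountName
    }
    elseif (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        # Permission bypasses the group hierarchy.
        $finding = 'REVIEW: granted to a user, not a group'
    }
    else {
        $finding = 'Local or built-in principal'
    }

    [pscustomobject]@{
        Identity  = $identity
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
        Finding   = $finding
        Members   = $members -join '; '
    }
}

$report | Format-Table -AutoSize -Wrap
$report | Export-Csv -Path '.\3.1.1-access-evidence.csv' -NoTypeInformation
```

Rows marked `REVIEW` are the ones to fix before an assessment; the CSV of the remaining rows shows which groups, and therefore which users, can access the folder.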
