August 02, 2019

NIST 800-171 3.1.2

Gregory Morawietz

Gregory Morawietz
Founder/Single Point of Contact

Share This Post

Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

Once you have a domain and you have identified who will have access to the sensitive data, you will want to restrict access to those system from any ordinary user or member of your network from accessing them.  This control refers to access, which can goes hand in hand with how users access the systems that the sensitive or classified data is stored on.   You want to protect systems from access, from unauthorized operators and methods.  You want to ensure you have password protection, two factor authentication and that you restrict who can access systems and how.  You do not want to have users with mobile devices able to access the secure data or users who are employing a virtual private network either, if you do we will discuss how to lock these devices down in other controls.  Since you rarely have the ability to control Mobile Phones, home computers, BYOD devices, USB drives and wireless connected devices. You want to restrict access by denying all of these devices from connecting to the network resource or application that holds the Classified Information.  Subsequently you will want to detect if anyone is trying to access these systems from any of these types of devices.  You can also employ an Virtual Lan or Vlan.  Keep all your restricted data on a virtual lan cut off from the rest of the company. Only allow machines that are authorized to connect to the the vlan with the Classified data on it.  You can also put a firewall in between your Classified data network and the company network as an additional step, which will address several more controls.

Share This Post