Compliance: NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication 800-171 is an important set of guidelines that aims to ensure the safety and confidentiality of sensitive federal data. Any organization that stores, processes, or transmits Controlled Unclassified Information (CUI) for the Department of Defense, NASA, and any federal or state agency must be in compliance with NIST 800-171.

Here is a detailed look at how Patch Manager Plus helps to achieve NIST 800-171 compliance:

| S.No | Requirement Description | How Patch Manager Plus fulfills it |
| --- | --- | --- |
| 3.1 | Access Control | |
| 3.1.1 | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). | Create local users and add them to a suitable group to provide them with the proper scope for systems using Patch Manager Plus' user management configuration. |
| 3.1.2 | Limit system access to the types of transactions and functions that authorized users are permitted to execute. | Create local users and add them to a suitable group to provide them with the proper scope for systems using Patch Manager Plus' user management configuration. |
| 3.1.7 | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. | Create local users and add them to a suitable group to provide them with the proper scope for systems using Patch Manager Plus' user management configuration. Patch Manager Plus has the Action Log Viewer to monitor the activities performed in each system. You can provide various category-based filters to monitor the required activities. |
| 3.3 | Audit & Accountability | |
| 3.3.1 | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. | Patch Manager Plus has the Action Log Viewer to monitor the activities performed in each system. You can provide various category-based filters to monitor the required activities. |
| 3.3.2 | Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. | Patch Manager Plus provides the User Logon Report to track the user login and logoff history in the managed endpoints. The actions performed by the admin and technicians in the web console of the product are logged for better auditing. |
| 3.3.3 | Review and update logged events. | Patch Manager Plus has the Action Log Viewer to monitor the activities performed in each system. You can provide various category-based filters to monitor the required activities. |
| 3.4 | Configuration Management | |
| 3.4.4 | Analyze the security impact of changes prior to implementation. | Using the 'Test and Approve' feature in Patch Manager Plus, you can view the compatibility of the patch update with the systems in the network before the deployment of patches to the production environment. |
| 3.5 | Identification & Authentication | |
| 3.5.9 | Allow temporary password use for system logons with an immediate change to a permanent password. | The User Management Configuration of Patch Manager Plus allows you to define the scope of a user and specify a username and password. |