Axon NIST 800-171 Compliance Bundle
National Institute of Standards and Technology Special Publication (SP) 800-171 - Axon Compliance Bundle
Disclaimer: Organizations are not required as a matter of law to comply with this document, unless legislation, or a direction given under legislation or by some other lawful authority, compels them to comply. This document does not override any obligations imposed by legislation or law. Furthermore, if this document conflicts with legislation or law, the latter takes precedence.
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
The National Institute of Standards and Technology 800-171 (NIST 800-171) provides federal agencies with recommended security requirements for protecting the confidentiality of controlled unclassified information (CUI) when the information is resident in nonfederal systems and organizations. The requirements apply to components of nonfederal systems that process, store, or transmit CUI or that provide protection for such components. The security requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations.
SP 800-171 security requirements represent a subset of the controls in NIST 800-53 that are necessary to protect the confidentiality of CUI. The security requirements are organized into 17 families. Each family contains the requirements related to the general security topic of the family.
NIST 800-171 Control Families | |
|---|---|
Identifier | Control Family |
AC | Access Control |
AT | Awareness and Training |
AU | Audit and Accountability |
CA | Assessment, Authorization, and Monitoring |
CM | Configuration Management |
IA | Identification and Authentication |
IR | Incident Response |
MA | Maintenance |
MP | Media Protection |
PE | Physical and Environmental Protection |
PL | Planning |
PS | Personnel Security |
RA | Risk Assessment |
SA | System and Services Acquisition |
SC | System and Communications Protection |
Sl | System and Information Integrity |
SR | Supply Chain Risk Management |
LogRhythm’s NIST 800-171 content provides augmented and direct support for multiple NIST 800-171 controls through a collection of pre-bundled searches, lists, dashboards, and reports. All Dashboards are supplied with data from the underlying searches. You can then schedule reports from the searches for periodic generation and delivery, or generate them on demand. To identify areas of non-compliance in real-time, you can leverage the dashboard for immediate analysis of activities that impact your organization's in-scope data systems.
Please refer to our User Guide for detailed information and implementation guidance on the included searches, lists, and dashboards.
NIST 800-171 content can be obtained from the compliance folder within the Axon Content GitHub repository.
Additional Resources
The NIST standards website (NIST 800-171) provides the following additional resources to assist organizations with their NIST 800-171 compliance and assessments:
Document Library, including:
SP 800-171 Rev. 3 - Available in multiple formats including PDF and Excel
SP 800-171A Rev. 3 - This document contains the assessment guidance for all controls in 800-171. This is how the controls will be evaluated and is critical to understanding the requirements to evidence control effectiveness.
Additional documents that include references to CUI recognition and analysis of changes from Rev. 2.
Refer to the Document Library at NIST 800-171 for information about these and other resources.