Learn

NIST SP 800-171

Browse 110 published controls in this framework.

Control IDTitle
3.1.1NIST 800-171 3.1.1: Authorized Access Control
3.1.10NIST 800-171 3.1.10 Session Lock Control
3.1.11NIST 800-171 3.1.11: Session Termination Control
3.1.12NIST 800-171 3.1.12: Remote Access Monitoring
3.1.13NIST 800-171 3.1.13: Remote Access Cryptography
3.1.14NIST 800-171 3.1.14: Remote Access Routing Control
3.1.15NIST 800-171 3.1.15: Privileged Remote Access Control
3.1.16NIST 800-171 3.1.16: Wireless Access Authorization
3.1.17NIST 800-171 3.1.17: Wireless Access Protection
3.1.18NIST 800-171 3.1.18: Mobile Device Connection Control
3.1.19NIST 800-171 3.1.19: CUI Encryption on Mobile Devices
3.1.2NIST 800-171 3.1.2: Transaction & Function Control
3.1.20NIST 800-171 3.1.20: External System Connections Control
3.1.21NIST 800-171 3.1.21: Portable Storage Device Controls
3.1.22NIST 800-171 3.1.22: CUI on Publicly Accessible Systems
3.1.3NIST 800-171 Control 3.1.3: CUI Flow Enforcement
3.1.4NIST 800-171 3.1.4: Separation of Duties Compliance
3.1.5NIST 800-171 3.1.5: Least Privilege Access Control
3.1.6NIST 800-171 3.1.6: Non-Privileged Account Use
3.1.7NIST 800-171 3.1.7: Privileged Function Prevention
3.1.8NIST 800-171 3.1.8: Limit Unsuccessful Logon Attempts
3.1.9NIST 800-171 3.1.9: Privacy and Security Notices
3.10.1NIST 800-171 3.10.1: Physical Access Authorization
3.10.2NIST 800-171 3.10.2: Physical Access Monitoring
3.10.3NIST 800-171 3.10.3: Visitor Access Control
3.10.4NIST 800-171 3.10.4: Physical Access Logging
3.10.5NIST 800-171 3.10.5: Physical Access Device Management
3.10.6NIST 800-171 3.10.6: Alternative Work Sites Control
3.11.1NIST 800-171 3.11.1 Risk Assessment | GRCWatch
3.11.2NIST 800-171 3.11.2 Vulnerability Scanning Compliance
3.11.3NIST 800-171 3.11.3: Vulnerability Remediation | GRCWatch
3.12.1NIST 800-171 3.12.1: Security Control Assessment
3.12.2NIST 800-171 3.12.2: Plan of Action & Milestones
3.12.3NIST 800-171 3.12.3: Security Control Monitoring
3.12.4NIST 800-171 3.12.4: System Security Plan Documentation
3.13.1NIST 800-171 3.13.1: Network Boundary Protection
3.13.10NIST 800-171 3.13.10: Key Management Control
3.13.11NIST 800-171 3.13.11: CUI Encryption Compliance
3.13.12NIST 800-171 3.13.12: Collaborative Device Control
3.13.13NIST 800-171 3.13.13: Mobile Code Control & Monitoring
3.13.14NIST 800-171 3.13.14: VoIP Control & Monitoring
3.13.15NIST 800-171 3.13.15: Communication Authenticity Control
3.13.16NIST 800-171 3.13.16: CUI at Rest Protection
3.13.2NIST 800-171 3.13.2: Security Engineering Principles
3.13.3NIST 800-171 3.13.3: Security Function Separation
3.13.4NIST 800-171 3.13.4: Shared Resource Control
3.13.5NIST 800-171 3.13.5: Public Access Network Separation
3.13.6NIST 800-171 3.13.6: Network Communication Denial
3.13.7Split Tunneling Prevention | NIST 800-171 3.13.7
3.13.8NIST 800-171 3.13.8: Data in Transit Encryption
3.13.9NIST 800-171 3.13.9: Network Disconnection Control
3.14.1NIST 800-171 3.14.1 Flaw Remediation | GRCWatch
3.14.2NIST 800-171 3.14.2: Malicious Code Protection
3.14.3NIST 800-171 3.14.3: Security Alerts & Advisories
3.14.4NIST 3.14.4: Malicious Code Protection Updates
3.14.5NIST 800-171 3.14.5 Malicious Code Scanning Compliance
3.14.6NIST 800-171 3.14.6: Security Function Monitoring
3.14.7NIST 800-171 3.14.7: Unauthorized Use Identification
3.2.1NIST 800-171 3.2.1: Security Awareness Training
3.2.2NIST 800-171 3.2.2: Role-Based Training Control
3.2.3NIST 800-171 3.2.3: Insider Threat Awareness Training
3.3.1NIST 800-171 3.3.1: System Audit Logging Compliance
3.3.2NIST 800-171 3.3.2: User Accountability Control
3.3.3NIST 800-171 3.3.3: Event Review & Logging Control
3.3.4NIST 800-171 3.3.4: Audit Failure Alerting
3.3.5NIST 800-171 3.3.5: Audit Reduction and Review
3.3.6NIST 800-171 3.3.6: Audit Record Reduction & Reporting
3.3.7NIST 800-171 3.3.7: Authoritative Time Source Compliance
3.3.8NIST 800-171 3.3.8: Audit Log Protection
3.3.9NIST 800-171 3.3.9: Audit Management Control
3.4.1NIST 800-171 3.4.1: Baseline Configurations
3.4.2NIST 800-171 3.4.2: Security Configuration Enforcement
3.4.3NIST 800-171 3.4.3: System Change Control
3.4.4NIST 800-171 3.4.4: Security Impact Analysis
3.4.5NIST 800-171 3.4.5: Access Restrictions for Change Control
3.4.6NIST 800-171 3.4.6: Least Functionality Control
3.4.7NIST 800-171 3.4.7: Disable Nonessential Programs & Services
3.4.8NIST 800-171 3.4.8: Application Execution Policy
3.4.9NIST 800-171 3.4.9: User-Installed Software Control
3.5.1NIST 800-171 3.5.1: User Identification Control
3.5.10NIST 800-171 3.5.10: Cryptographic Password Protection
3.5.11NIST 800-171 3.5.11: Obscuring Authentication Feedback
3.5.2NIST 800-171 3.5.2: User Authentication Control
3.5.3NIST 800-171 3.5.3: Multi-Factor Authentication Control
3.5.4NIST 800-171 3.5.4: Replay-Resistant Authentication
3.5.5NIST 800-171 3.5.5: Identifier Reuse Prevention Control
3.5.6NIST 800-171 3.5.6: Identifier Handling & Inactivity Disablement
3.5.7NIST 800-171 3.5.7: Password Complexity Requirements
3.5.8NIST 800-171 3.5.8: Password Reuse Prohibition
3.5.9NIST 800-171 3.5.9: Temporary Password Control
3.6.1NIST 800-171 3.6.1: Incident Handling Capability
3.6.2NIST 800-171 3.6.2: Incident Tracking & Reporting
3.6.3NIST 800-171 3.6.3: Incident Response Testing
3.7.1NIST 800-171 3.7.1: System Maintenance Control
3.7.2NIST 800-171 3.7.2: System Maintenance Tools Control
3.7.3NIST 800-171 3.7.3 Equipment Sanitization | GRCWatch
3.7.4NIST 800-171 3.7.4: Media Inspection After Maintenance
3.7.5NIST 800-171 3.7.5: MFA for Maintenance Sessions
3.7.6NIST 800-171 3.7.6: Maintenance Personnel Supervision
3.8.1NIST 800-171 3.8.1: Media Access Protection
3.8.2NIST 800-171 3.8.2: Media Access Control for CUI
3.8.3NIST 800-171 3.8.3: Media Sanitization & Disposal
3.8.4NIST 800-171 3.8.4: Media Marking for CUI Protection
3.8.5NIST 800-171 3.8.5: Media Accountability & CUI Protection
3.8.6NIST 800-171 3.8.6: CUI Encryption During Transport
3.8.7NIST 800-171 3.8.7: Removable Media Control
3.8.8NIST 800-171 3.8.8: Shared Media Prohibition Control
3.8.9NIST 800-171 3.8.9: CUI Protection at Backup Sites
3.9.1NIST 800-171 3.9.1 Personnel Screening | GRCWatch
3.9.2NIST 800-171 3.9.2: Personnel Termination & CUI Protection