BloxOne Threat Defense and Threat Intelligence

Infoblox and NIST 800-171, helping with compliance

The National Institute of Standards and Technology (NIST) created the standard known as NIST 800-171, prompted in part by the FISMA bill signed into law in December 2014. The standard serves as a guide to the minimum requirements for federal information systems and as a voluntary guide for nongovernmental organizations, but it is not voluntary for businesses or contractors that handle, store, or transmit Controlled Unclassified Information (CUI) for the US government. NIST 800-171 addresses security around CUI.

For those affected by NIST 800-171, NIST gives them the ability to review the modifications and changes being made to the standard, and lets organizations and contractors suggest changes to the security requirements at https://csrc.nist.gov/publications. This gives organizations the ability to keep ahead of the game and make sure they always stay compliant. If organizations find security requirements inside NIST 800-171 that match the following criteria:

 

• Uniquely federal (i.e., primarily the responsibility of the federal government);
• Not directly related to protecting the confidentiality of CUI;
• Expected to be routinely satisfied by nonfederal organizations without specification.

then this may be a chance for organizations or contractors to let NIST know so it can be fixed in future publications, as these requirements should not be inside NIST 800-171 and removing them will make organizational compliance simpler and smoother.

NIST 800-171 strongly affects any businesses or contractors that process, store, or transmit CUI. The full list of potential CUI can be found on the National Archives page here: https://www.archives.gov/cui/registry/category-list. If an organization touches any of the CUI listed there and is not compliant with NIST 800-171, it is at risk of losing any contracts it has with the US government. NIST 800-171 is not yet being enforced everywhere; however, over the course of the next few years, NIST 800-171 will carry more authority and be enforced more strictly.

Infoblox, the leader in the DDI market with a secured DNS resolver, helps organizations stay within compliance with NIST 800-171. Here are just some of the security requirements from the NIST 800-171 security requirements list that Infoblox helps organizations meet:

3.1.3. Control the flow of CUI in accordance with approved authorizations:

Infoblox keeps users from accessing certain resources by blocking IPs and URLs. Infoblox also helps prevent data exfiltration and infiltration through DNS, which helps control the flow of CUI to malicious entities.

3.1.11. Terminate (automatically) a user session after a defined condition:

Through its ecosystem integrations, Infoblox can inform appliances such as NACs and firewalls.

3.1.12. Monitor and control remote access sessions:

Infoblox allows organizations to monitor all of their networks with IPAM and to remove someone's lease if needed.

3.1.18. Control connection of mobile devices:

With Infoblox, organizations can see every device on the network and remove a device if needed. Infoblox helps organizations efficiently manage which networks need to be looked at and provides additional help for managing mobile devices.

3.1.20. Verify and control/limit connections to and use of external systems:

Infoblox allows organizations to point all remote and internal users at a single DNS point of reference so users do not use external DNS servers that could be poisoned or malicious. Infoblox also allows organizations to block remote users from accessing sites that could allow the use of external systems.

3.1.22. Control CUI posted or processed on publicly accessible systems:

Infoblox allows organizations to block access to all media sites and control which sites a user cannot access.

3.3.1. Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity:

Infoblox provides an extensive list of all sites a user has visited, including a complete lease history for any device that was on the network, which is needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

3.3.2. Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions:

Infoblox allows organizations to keep track of all devices on the network and which IPs they have held, with a comprehensive lease history that includes the sites visited.

3.4.1. Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles:

Infoblox provides network discovery of all components on the network and allows organizations to quickly evaluate which devices are present and what firmware and hardware they run. NetMRI users can also automate many software updates.

3.4.2. Establish and enforce security configuration settings for information technology products employed in organizational systems:

With NetMRI, organizations can automate much of this process.

3.4.7. Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services:

With Infoblox's secure DNS server, organizations can limit access to nonessential sites and help protect DNS traffic from those sites.

3.5.1. Identify system users, processes acting on behalf of users, and devices:

Infoblox gives organizations the ability to know all the IP and MAC addresses on the network, along with several other device-unique identifiers.

3.6.1. Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities:

Infoblox provides organizations with the contextual data needed to expedite the full incident-handling process.

3.6.2. Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization:

Here, Infoblox provides organizations with easy ways to visualize the incidents occurring on the DDI network.

3.7.1. Perform maintenance on organizational systems:

Infoblox gives organizations the ability to confirm the maintenance of organizational systems using device information. Infoblox also provides a quick and easy way to organize all assets by mapping devices with extensible attributes.

3.11.2. Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified:

Infoblox gives organizations the ability to scan devices as they join the network using third-party vendors such as Tenable, Rapid7, and Qualys. Infoblox has visibility into the whole network and knows when devices join, which allows scanning software to scan a system quickly.

3.13.1. Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems:

Infoblox gives organizations the ability to monitor, control, and protect communications through DNS with data exfiltration and infiltration protection and the ability to prevent access to malicious sites.

3.13.5. Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks:

Infoblox helps organizations set up and manage demilitarized zones more quickly and efficiently by managing the IPs of routers, gateways, and firewalls.

3.13.6. Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception):

Infoblox helps organizations with this by preventing botnet communications through DNS and blocking unpermitted communications.

3.13.7. Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling):

Infoblox helps organizations prevent the use of unsecured DNS resolvers when devices are outside the organization.

3.14.2. Provide protection from malicious code at designated locations within organizational systems:

Infoblox protects organizations from data infiltration through DNS and helps prevent the injection of executable code into their environment.

3.14.3. Monitor system security alerts and advisories and take action in response:

Infoblox provides organizations with a continuous stream of alerts and IoC information from Infoblox itself and from many third parties such as SURBL, DHS, NCCIC, and more. Infoblox also provides users with custom lists of IoCs derived from the data flowing through the organization's own network.

3.14.6. Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks:

Infoblox gives organizations the ability to monitor all DNS traffic and detect when an attack through DNS is occurring.

3.14.7. Identify unauthorized use of organizational systems:

Infoblox gives organizations the ability to monitor all DNS traffic and helps them know when unauthorized use of organizational systems has occurred, with alerts when a user accesses malicious or unauthorized resources through DNS.
