DFARS - Special Publication 800-171 3.1 Access Control

Redport Information Assurance
In order for U.S. defense contractors to comply with DFARS 800-171, a multitude of rules and regulatory requirements must be met, upheld and mapped to their organization for complete Controlled Unclassified Information (CUI) DFARS 800-171 compliance. The first section to audit is the organization's ability to establish and maintain its access security controls and to prove, through the audit mapping process, that they are operational. The Access Control section of DFARS 800-171 is listed as the first criterion, Regulation 3.1 Access Control Requirements. The section consists of 22 distinct requirements, which are as follows:

3.1.1 - Limit Access to Authorized Users
3.1.2 - Limited Use of System Permissions
3.1.3 - Control the Flow of CUI
3.1.4 - Separation of Duties
3.1.5 - Principle of Least Privilege
3.1.6 - Limiting The Use of Non-privileged Accounts or Roles
3.1.7 - Prevent Non-Privileged Users from Executing Privileged Functions and Capture the Execution of such Functions in Audit Logs
3.1.8 - Limit Unsuccessful Logon Attempts
3.1.9 - Provide Privacy and Security Notices
3.1.10 - Use Session Lock with Pattern-Hiding Displays to Prevent Access of Data
3.1.11 - Terminate (automatically) A User’s Session After A Defined Condition
3.1.12 - Monitor and Control Remote Access Sessions
3.1.13 - Employ Cryptographic Mechanisms to Protect The Confidentiality of Remote Access Sessions
3.1.14 - Route Remote Access by Managed Control Points
3.1.15 - Authorize Remote Execution of Privileged Commands and Remote Access to Security-Relevant Information
3.1.16 - Authorize Wireless Access Prior to Allowing such Connections
3.1.17 - Protect Wireless Using Authentication and Encryption
3.1.18 - Control Connection of Mobile Devices
3.1.19 - Encrypt CUI on Mobile Devices and Mobile Computing Platforms
3.1.20 - Verify and Control / Limit Connections to and use of External Systems
3.1.21 - Limit Use of Portable Storage Devices on External Systems
3.1.22 - Control CUI Posted or Processed on Publicly Accessible Systems (the last Access Control Requirement to be mapped)

Each subsection of the requirements above has a discussion section written in detail with an explanation of how to map the requirement in order to comply. Redport IA, LLC has simplified this process with its patented “OneSevenOne” product. Redport IA, LLC invites you to continue exploring this product and to download a trial copy to help your defense contracting organization quickly become DFARS 800-171 compliant. To download your copy of OneSevenOne, please go to https://nist-800-171.com/

By Dr. Randall Sylvertooth

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.

Gaithersburg, MD, USA