3.13 SYSTEM AND COMMUNICATIONS PROTECTION

By wnoble2005@gmail.com (William Noble) 📅 2024-03-03

NIST 800-171 control 3.13, safeguards information systems and communication channels by requiring organizations to monitor, control and protect them. This improves data confidentiality, integrity, and availability. It assigns responsibility for implementing security controls like access controls, firewalls, and encryption to protect against unauthorized access, use, disclosure, disruption, modification, or destruction of information.

(Image credit: q4q.com)

IST 800-171 lays out security controls for non-federal organizations that handle Controlled Unclassified Information (CUI) for the government. One key control family, "3.13 System and Communications Protection," focuses on safeguarding information systems and the channels they use to communicate.

This family of controls mandates various measures to achieve that protection. Organizations must implement general security practices like securing system boundaries, identifying and addressing security issues, protecting information at rest and in transit, controlling user access, and providing security awareness and training. Additionally, they are required to conduct risk assessments to pinpoint vulnerabilities in their systems and communication channels. Based on these assessments, they must create and implement security plans to mitigate those risks.

In essence, NIST 800-171's "3.13 System and Communications Protection" ensures that organizations have a solid foundation of security practices in place to safeguard CUI. This includes both general security measures and targeted actions based on identified vulnerabilities.

Go to 3.13 SYSTEM AND COMMUNICATIONS PROTECTION Page

Contents of 3.13 SYSTEM AND COMMUNICATIONS PROTECTION:

3.13.1 Monitor, control, and protect commun...systems

3.13.2 Employ architectural designs, softwa...systems

3.13.3 Separate user functionality from sys...onality

3.13.4 Prevent unauthorized and unintended....sources

3.13.5 Implement subnetworks for publicly a...etworks

3.13.6 Deny network communications traffic....eption)

3.13.7 Prevent remote devices from simultan...neling)

3.13.8 Implement cryptographic mechanisms t...eguards

3.13.9 Terminate network connections associ...ctivity

3.13.10 Establish and manage cryptographic....systems

3.13.11 Employ FIPS-validated cryptography.....of CUI

3.13.12 Prohibit remote activation of colla....device

3.13.13 Control and monitor the use of mobile code

3.13.14 Control and monitor the use of Voic...ologies

3.13.15 Protect the authenticity of communi...essions

3.13.16 Protect the confidentiality of CUI at rest

☰

Back

About "3.13 SYSTEM AND COMMUNICA...CTION" 🡃

Category:Cybersecurity Maturity Model
Family:Access Control (AC 3.1), Audit and Accountability (AC 3.3), Awareness Training (AC 3.2), Configuration Management (AC 3.4), Identification and Authentication (AC 3.5), Incident Response (AC 3.6), Maintenance (AC 3.7), Media Protection (AC 3.8), Personnel Security (AC 3.9), Physical Protection (AC 3.10), Risk Assessment (AC 3.11), Security Assessment (AC 3.12), System and Communications Protection (AC 3.13), System and Information Integrity (AC 3.14)
NIST:NIST SP 800-171r3

#CybersecurityMaturityModel

⬅ Back to NIST Special Publication NIST SP 800-171r3

NIST Special Publication NIST SP 800-171r3

3.13 SYSTEM AND COMMUNICATIONS PROTECTION

More on q4q.com

Q4Q Technical Solutions