NIST 800-171 Compliance Software

Protect controlled unclassified information with the robust data loss prevention, endpoint security, and user activity monitoring features in the CurrentWare Suite.

  • Control Removable Media & Other Peripherals

    Prevent the unauthorized use of high-risk wireless and peripheral devices
  • Endpoint Security Controls for Defense-in-Depth

    Minimize the attack surface of endpoints within information systems
  • Advanced Awareness & Access Control

    Monitor and restrict user activity to protect sensitive information

Trusted By:

CW_AXA_logo
CW_AXA_logo
bostoncenterless logo

& many more

Trusted by:

CW_AXA_logo
Pepsi Cola

and more

NIST 800-53 & NIST 800-171 Compliance Requirements
You Can Address With CurrentWare

Requirement CurrentWare Modules & Features

Access Control

AC-6 Least Privilege

The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

BrowseControl

 

  • Granularly control which websites, intranet portals, and web services users can access
  • Prevent users from launching specific software executables

AccessPatrol

  • Granularly restrict portable storage devices, wireless connections, and other peripherals based on groups of computers or users | Learn More
  • Ensure only authorized removable media is able to be used
  • Get alerts when unknown or blocked removable media is inserted into endpoints

AC-18 Wireless Access

The organization:

a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and

b. Authorizes wireless access to the information system prior to allowing such connections.

AC-18 (3) Disable Wireless Networking
The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment.

AccessPatrol

  • Selectively disable Bluetooth, Infrared, and WiFi on endpoints

AC-19 (4)(c)

Restricts the connection of classified mobile devices to classified information systems in accordance with [Assignment: organization-defined security policies].

AccessPatrol

  • Lock portable devices such as mobile phones from connecting to endpoints
  • Block endpoints from using Bluetooth and WiFi
Requirement CurrentWare Modules & Features

Audit and Accountability

AU-3 Content of Audit Records

The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

AU-6 Audit Review, Analysis, and Reporting

The organization:

a. Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and

b. Reports findings to [Assignment: organization-defined personnel or roles].

AU-8 Time Stamps:

The information system:
a. Uses internal system clocks to generate timestamps for audit records; and

b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement].

AU-14 Session Audit:
The information system provides the capability for authorized users to select a user session to capture/record or view/hear.

Session audits include, for example, tracking websites visited and recording information and/or file transfers

BrowseReporter

  • Automated reports and alerts on internet usage, such as attempts to visit high-risk websites
  • Dashboards provide access to raw data for further analysis
  • Capture screenshots of user desktops
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

AccessPatrol

  • Reports and alerts on peripheral device usage and file transfers to removable media
  • Dashboards provide access to raw data for further analysis
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

enPowerManager

  • Reports on logon and logoff times as well as PC power events (startup, shutdown, sleep, or hibernate)

CurrentWare Web Console

  • CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

AU-4 Audit Storage Capacity
The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].

 

 

AU-11 Audit Record Retention:
The organization retains audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

 The CurrentWare Suite is hosted and managed by your company either on-premises or via a cloud service provider of your choice, giving you full control over data retention.

Data can be culled automatically after a set time period; which data types are retained can also be customized.

AU-15 Alternate Audit Capability:

The organization provides an alternate audit capability in the event of a failure in primary audit capability that provides [Assignment: organization-defined alternate audit functionality].

All of CurrentWare’s security policies and user activity data have a local cache failsafe in the event that a connection to the server is lost.

All user activity is still captured and will sync with the primary database once a connection is reestablished.

 

Requirement CurrentWare Modules & Features

Configuration Management

CM-7 Least Functionality
The organization:

 a. Configures the information system to provide only essential capabilities; and

b. Prohibits or restricts the use of the following functions, ports, protocols, and/or services: [Assignment: organization-defined prohibited or restricted functions, ports, protocols, and/or services].

CM-7 (4)(b)

The organization employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system

BrowseControl

  • Application blocker to employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system
  • Port filter to disable unneeded TCP/UDP ports at the endpoint level to reduce the attack surface of endpoints with access to the information system

CM-10 Software Usage Restrictions

The organization:

a. Uses software and associated documentation in accordance with contract agreements and copyright laws;

b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and

c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

AccessPatrol

  • Monitor file transfers to and from removable storage devices for evidence of unlawful distribution or copying.

BrowseReporter

  • Track the use of software and SaaS platforms to monitor for overallocation, unauthorized use, and software that the organization does not have commercial licenses for

BrowseControl

  • Block network ports and applications associated with peer-to-peer file sharing technology.
  • Web category filter includes a database of known file hosting, song/movies download, and warez sites

CM-11 User-Installed Software

The organization:

a. Establishes [Assignment: organization-defined policies] governing the installation of software by users;

b. Enforces software installation policies through [Assignment: organization-defined methods]; and

c. Monitors policy compliance at [Assignment: organization-defined frequency].

AccessPatrol

  • Prevent users from transferring software executables to and from removable media devices

BrowseReporter

  • Track the use of software and SaaS platforms to monitor for high-risk shadow IT

BrowseControl

  • Application blocker to employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system
  • Block websites that are known to host executable files.
  • Block the download of executables from HTTP sites. (HTTPS in development)
Requirement CurrentWare Modules & Features

Incident Response

IR-5 Incident Monitoring

The organization tracks and documents information system security incidents.

IR-5 (1)
The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.

BrowseReporter

  • Email alerts send user activity reports to a designated inbox when specified events occur
  • Dashboards provide access to raw data for further analysis
  • Capture screenshots of user desktops
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

AccessPatrol

  • Email alerts send user activity reports related to peripheral devices to a designated inbox when specified events occur
  • Dashboards provide access to raw data for further analysis
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

enPowerManager

  • Reports on logon and logoff times as well as PC power events (startup, shutdown, sleep, or hibernate)

CurrentWare Web Console

  • CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

 

Requirement CurrentWare Modules & Features

Media Protection

MP-7 Media Use:
The organization [Selection: restricts; prohibits] the use of [Assignment: organization-defined types of information system media] on [Assignment: organization-defined information systems or system components] using [Assignment: organization-defined security safeguards].

AccessPatrol

  • Block peripheral devices such as printers, scanners, cameras, Bluetooth, cell phones, USB removable storage devices, optical media, floppy disks, tape, and SD/MM cards.
  • Allowed list provides exemptions for authorized removable storage devices.

Learn More: Which devices can I control with AccessPatrol?

 

 

 

Requirement CurrentWare Modules & Features

Systems and Services Acquisition

SA-9 External Information System Services | Processing, Storage, and Service Location

The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions].

Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services.

The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. 

All data collected by the CurrentWare Suite is controlled and managed by the organization with no reliance on third-party data processors or controllers required.

 

The organization can host the data on-premises or with a trusted cloud services provider of their choice.

 

Requirement CurrentWare Modules & Features

System and Communications Protection

SC-43 Usage Restrictions

The organization:

a. Establishes usage restrictions and implementation guidance for [Assignment: organization-defined information system components] based on the potential to cause damage to the information system if used maliciously; and

b. Authorizes, monitors, and controls the use of such components within the information system.

Information system components include hardware, software, or firmware components (e.g., Voice Over Internet Protocol, mobile code, digital copiers, printers, scanners, optical devices, wireless technologies, mobile devices).

AccessPatrol

  • Users can be restricted from using printers, scanners, optical devices, wireless technologies, and mobile devices on managed devices.
  • Monitor the connection history of a variety of peripherals including portable storage, printers, scanners, optical devices, wireless technologies, and mobile devices on managed devices.

BrowseControl

  • Access to websites, applications, and network ports can be restricted.

BrowseReporter

  • Computer usage can be monitored including application usage, bandwidth consumption, and web browsing.

 

 

viking yachts

Case Study

Viking Yachts Protects Sensitive Information From a Departing Employee

“CurrentWare saved us a lot of time and money. If we didn’t have AccessPatrol we would have never known what was going on. I cannot thank all of you enough for this software.”

A departing employee was caught stealing classified files! If we didn’t have AccessPatrol we would never have known.

Flexible Deployment Options

On-Premises | Remote Workers | Self-Managed Cloud Platforms

When you use CurrentWare's solutions the data you collect remains solely in your control, giving you the flexibility to decide where data is stored and for how long. Your employee’s data cannot be accessed by CurrentWare.

hp-on-premise

Download the Free Trial

Get started today with a free fully-functional 14-day trial of the CurrentWare Suite. No credit card required to sign up!

hp-private-cloud

Deploy the Software

Install the Console & Server on a computer, server, or a cloud platform of your choice. Then deploy the Clients to your users’ computers.

manage-remote-workers-and-users

Manage your Users

Organize your PCs/Users into custom policy groups. Get advanced awareness & control over how technology is used in your organization.

Free removable media policy template from CurrentWare

FREE DOWNLOAD
Removable Media Policy

Download this data security policy template to prevent data leakage to USB flash drives and other removable storage devices.

  • Set data security standards for portable storage
  • Define the acceptable use of removable media
  • Inform your users about their security responsibilities

Check Out Our Great Reviews on Capterra!

This software helps us to achieve compliance with industry and government requirements with respect to controlling the use of removable storage media. It fits the bill perfectly.

Matthew W., Project Manager
Aviation & Aerospace Industry, 11-50 employees

[AccessPatrol] has been a great benefit to secure USB devices and access to company computers. We now have the ability to secure machines that otherwise would have been exposed to threats.

Jordan F., Senior IT Specialist
Machinery Industry, 1001-5000 employees

Data leaks have been thwarted by AccessPatrol. When an unauthorized device is detected, an email alert is sent immediately. It enables real-time audit reports on accessed and blocked devices.

Karen M., Senior Director of Marketing
Construction Industry, 10,001+ employees

We have experienced data leaks by dishonest employees in the past and AccessPatrol has helped us avoid them and work with greater security and peace of mind for us and our customers.

Julio V., Head of Information Technology
Financial Services Industry, 10,001+ employees

CurrentWare Suite

Get all 4 modules for the best value or choose the exact solution you need

Get Advanced Activity Insights

BrowseReporter is a versatile employee monitoring software to track productivity and efficiency.

  • Make informed decisions
  • Enforce company policies
  • Improve productivity

BrowseReporter productivity dashboard - individual user

Block Harmful Websites

BrowseControl is an easy-to-use website blocking software for restricting internet access.

  • Block URLs & categories
  • Block unwanted apps
  • Website allow & block lists

Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

Stop Data Theft to USB Devices

AccessPatrol is USB control software to protect sensitive data against theft to portable storage devices.

  • Block USB devices
  • USB file activity alerts
  • Block file transfers

AccessPatrol peripheral device permissions mockup block usb

Control PC Power States

enPowerManager is a remote PC power manager for centrally managing power settings across all endpoints.

  • Track logon and logoff times
  • Log PC power event history
  • Remotely shutdown PCs

Screenshot of enPowerManager's PC power schedule with weekly boot, restart, and shutdown events scheduled

CurrentWare Features

Internet Off

Internet ON/OFF

One click to completely block
the Internet

Internet Off

URL Filter

Allow or block specific URLs; customize policies for each group

Internet Off

Category Filtering

Block websites based on
content categories

Internet Off

Internet Scheduler

Set unique restrictions at specific
times of the day

Internet Off

Internet Monitoring

Monitor web browsing, keyword searches, and more

Internet Off

Computer Activity Reports

15+ different detailed web
activity reports

Internet Off

Track Application Use

See what applications are being
used by employees

Internet Off

Email Reports

Automatically email user activity reports to designated inboxes

Internet Off

Block USB

Block unauthorized USBs to protect
against data theft

Internet Off

Block External Devices

Easily block DVDs, external drives
& other peripherals

Internet Off

Device Permissions

Set full access, read only or no
access on storage devices

Internet Off

Allowed List

Allow specific storage devices on
your network

Internet Off

Centralized Console

Manage all your users from the
centralized console with Active
Directory import or syncing

Internet Off

Platform Security

Protect your CurrentWare console
with 2FA, passwords, privilege
management, and more

Internet Off

Offsite Management

Extend onsite security policies to any remote computer running outside the corporate network

Internet Off

SQL Server Supported

Database scaled for enterprise and
large business operations using
Microsoft SQL Server

CurrentWare

Get Started Today
With a Free Trial

Fully functional. Easy to use. Install in minutes.

Learn How to Meet These
Compliance Requirements With CurrentWare

NERC CIP Compliance

Protect TCAs & BCSI From Insider Threats

Learn More

ISO 27001 Compliance

Critical Security Controls for Your ISMS

Learn More

CIPA Compliance for Education

Qualify for the FCC’s E-Rate program

Learn More

NIST logo

NIST 800-171 & 800-53

Protect Controlled Unclassified Information

Learn More

Meet NIST 800-53 & NIST 800-171 Compliance With CurrentWare