NIST 800-171 Compliance Software

Access Control

AC-6 Least Privilege

The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

BrowseControl

• Granularly control which websites, intranet portals, and web services users can access
• Prevent users from launching specific software executables

AccessPatrol

• Granularly restrict portable storage devices, wireless connections, and other peripherals based on groups of computers or users | Learn More
• Ensure only authorized removable media is able to be used
• Get alerts when unknown or blocked removable media is inserted into endpoints

AC-18 Wireless Access

The organization:

a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and

b. Authorizes wireless access to the information system prior to allowing such connections.

AC-18 (3) Disable Wireless Networking
The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment.

AccessPatrol

• Selectively disable Bluetooth, Infrared, and WiFi on endpoints

AC-19 (4)(c)

Restricts the connection of classified mobile devices to classified information systems in accordance with [Assignment: organization-defined security policies].

AccessPatrol

• Lock portable devices such as mobile phones from connecting to endpoints
• Block endpoints from using Bluetooth and WiFi

Audit and Accountability

AU-3 Content of Audit Records

The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

AU-6 Audit Review, Analysis, and Reporting

The organization:

a. Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and

b. Reports findings to [Assignment: organization-defined personnel or roles].

AU-8 Time Stamps:

The information system:
a. Uses internal system clocks to generate timestamps for audit records; and

b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement].

AU-14 Session Audit:
The information system provides the capability for authorized users to select a user session to capture/record or view/hear.

Session audits include, for example, tracking websites visited and recording information and/or file transfers

BrowseReporter

• Automated reports and alerts on internet usage, such as attempts to visit high-risk websites
• Dashboards provide access to raw data for further analysis
• Capture screenshots of user desktops
• Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

AccessPatrol

• Reports and alerts on peripheral device usage and file transfers to removable media
• Dashboards provide access to raw data for further analysis
• Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

enPowerManager

• Reports on logon and logoff times as well as PC power events (startup, shutdown, sleep, or hibernate)

CurrentWare Web Console

• CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

AU-4 Audit Storage Capacity
The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].

AU-11 Audit Record Retention:
The organization retains audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

 The CurrentWare Suite is hosted and managed by your company either on-premises or via a cloud service provider of your choice, giving you full control over data retention.

Data can be culled automatically after a set time period; which data types are retained can also be customized.

AU-15 Alternate Audit Capability:

The organization provides an alternate audit capability in the event of a failure in primary audit capability that provides [Assignment: organization-defined alternate audit functionality].

All of CurrentWare’s security policies and user activity data have a local cache failsafe in the event that a connection to the server is lost.

All user activity is still captured and will sync with the primary database once a connection is reestablished.

Configuration Management

CM-7 Least Functionality
The organization:

 a. Configures the information system to provide only essential capabilities; and

b. Prohibits or restricts the use of the following functions, ports, protocols, and/or services: [Assignment: organization-defined prohibited or restricted functions, ports, protocols, and/or services].

CM-7 (4)(b)

The organization employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system

BrowseControl

• Application blocker to employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system
• Port filter to disable unneeded TCP/UDP ports at the endpoint level to reduce the attack surface of endpoints with access to the information system

CM-10 Software Usage Restrictions

The organization:

a. Uses software and associated documentation in accordance with contract agreements and copyright laws;

b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and

c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

AccessPatrol

• Monitor file transfers to and from removable storage devices for evidence of unlawful distribution or copying.

BrowseReporter

• Track the use of software and SaaS platforms to monitor for overallocation, unauthorized use, and software that the organization does not have commercial licenses for

BrowseControl

• Block network ports and applications associated with peer-to-peer file sharing technology.
• Web category filter includes a database of known file hosting, song/movies download, and warez sites

CM-11 User-Installed Software

The organization:

a. Establishes [Assignment: organization-defined policies] governing the installation of software by users;

b. Enforces software installation policies through [Assignment: organization-defined methods]; and

c. Monitors policy compliance at [Assignment: organization-defined frequency].

AccessPatrol

• Prevent users from transferring software executables to and from removable media devices

BrowseReporter

• Track the use of software and SaaS platforms to monitor for high-risk shadow IT

BrowseControl

• Application blocker to employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system
• Block websites that are known to host executable files.
• Block the download of executables from the internet

Incident Response

IR-5 Incident Monitoring

The organization tracks and documents information system security incidents.

IR-5 (1)
The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.

BrowseReporter

• Email alerts send user activity reports to a designated inbox when specified events occur
• Dashboards provide access to raw data for further analysis
• Capture screenshots of user desktops
• Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

AccessPatrol

• Email alerts send user activity reports related to peripheral devices to a designated inbox when specified events occur
• Dashboards provide access to raw data for further analysis
• Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

enPowerManager

• Reports on logon and logoff times as well as PC power events (startup, shutdown, sleep, or hibernate)

CurrentWare Web Console

• CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

Media Protection

MP-7 Media Use:
The organization [Selection: restricts; prohibits] the use of [Assignment: organization-defined types of information system media] on [Assignment: organization-defined information systems or system components] using [Assignment: organization-defined security safeguards].

AccessPatrol

• Block peripheral devices such as printers, scanners, cameras, Bluetooth, cell phones, USB removable storage devices, optical media, floppy disks, tape, and SD/MM cards.
• Allowed list provides exemptions for authorized removable storage devices.

Learn More: Which devices can I control with AccessPatrol?

Systems and Services Acquisition

SA-9 External Information System Services | Processing, Storage, and Service Location

The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions].

Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services.

The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. 

All data collected by the CurrentWare Suite is controlled and managed by the organization with no reliance on third-party data processors or controllers required.

The organization can host the data on-premises or with a trusted cloud services provider of their choice.

System and Communications Protection

SC-43 Usage Restrictions

The organization:

a. Establishes usage restrictions and implementation guidance for [Assignment: organization-defined information system components] based on the potential to cause damage to the information system if used maliciously; and

b. Authorizes, monitors, and controls the use of such components within the information system.

Information system components include hardware, software, or firmware components (e.g., Voice Over Internet Protocol, mobile code, digital copiers, printers, scanners, optical devices, wireless technologies, mobile devices).

AccessPatrol

• Users can be restricted from using printers, scanners, optical devices, wireless technologies, and mobile devices on managed devices.
• Monitor the connection history of a variety of peripherals including portable storage, printers, scanners, optical devices, wireless technologies, and mobile devices on managed devices.

BrowseControl

• Access to websites, applications, and network ports can be restricted.

BrowseReporter

• Computer usage can be monitored including application usage, bandwidth consumption, and web browsing.