NIST 800-171 Compliance Software

Protect controlled unclassified information with the robust data loss prevention, endpoint security, and user activity monitoring features in the CurrentWare Suite.

  • Control Removable Media & Other PeripheralsPrevent the unauthorized use of high-risk wireless and peripheral devices
  • Endpoint Security Controls for Defense-in-DepthMinimize the attack surface of endpoints within information systems
  • Advanced Awareness & Access ControlMonitor and restrict user activity to protect sensitive information

NIST 800-53 & NIST 800-171 Compliance Requirements
You Can Address With CurrentWare

Requirement CurrentWare Modules & Features

Access Control

AC-6 Least Privilege

The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

BrowseControl

 

  • Granularly control which websites, intranet portals, and web services users can access
  • Prevent users from launching specific software executables

AccessPatrol

  • Granularly restrict portable storage devices, wireless connections, and other peripherals based on groups of computers or users | Learn More
  • Ensure only authorized removable media is able to be used
  • Get alerts when unknown or blocked removable media is inserted into endpoints

AC-18 Wireless Access

The organization:

a. Establishes usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and

b. Authorizes wireless access to the information system prior to allowing such connections.

AC-18 (3) Disable Wireless Networking
The organization disables, when not intended for use, wireless networking capabilities internally embedded within information system components prior to issuance and deployment.

AccessPatrol

  • Selectively disable Bluetooth, Infrared, and WiFi on endpoints

AC-19 (4)(c)

Restricts the connection of classified mobile devices to classified information systems in accordance with [Assignment: organization-defined security policies].

AccessPatrol

  • Lock portable devices such as mobile phones from connecting to endpoints
  • Block endpoints from using Bluetooth and WiFi
Requirement CurrentWare Modules & Features

Audit and Accountability

AU-3 Content of Audit Records

The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

AU-6 Audit Review, Analysis, and Reporting

The organization:

a. Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and

b. Reports findings to [Assignment: organization-defined personnel or roles].

AU-8 Time Stamps:

The information system:
a. Uses internal system clocks to generate timestamps for audit records; and

b. Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement].

AU-14 Session Audit:
The information system provides the capability for authorized users to select a user session to capture/record or view/hear.

Session audits include, for example, tracking websites visited and recording information and/or file transfers

BrowseReporter

  • Automated reports and alerts on internet usage, such as attempts to visit high-risk websites
  • Dashboards provide access to raw data for further analysis
  • Capture screenshots of user desktops
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

AccessPatrol

  • Reports and alerts on peripheral device usage and file transfers to removable media
  • Dashboards provide access to raw data for further analysis
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

enPowerManager

  • Reports on logon and logoff times as well as PC power events (startup, shutdown, sleep, or hibernate)

CurrentWare Web Console

  • CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

AU-4 Audit Storage Capacity
The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].

 

 

AU-11 Audit Record Retention:
The organization retains audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

 The CurrentWare Suite is hosted and managed by your company either on-premises or via a cloud service provider of your choice, giving you full control over data retention.

Data can be culled automatically after a set time period; which data types are retained can also be customized.

AU-15 Alternate Audit Capability:

The organization provides an alternate audit capability in the event of a failure in primary audit capability that provides [Assignment: organization-defined alternate audit functionality].

All of CurrentWare’s security policies and user activity data have a local cache failsafe in the event that a connection to the server is lost.

All user activity is still captured and will sync with the primary database once a connection is reestablished.

 

Requirement CurrentWare Modules & Features

Configuration Management

CM-7 Least Functionality
The organization:

 a. Configures the information system to provide only essential capabilities; and

b. Prohibits or restricts the use of the following functions, ports, protocols, and/or services: [Assignment: organization-defined prohibited or restricted functions, ports, protocols, and/or services].

CM-7 (4)(b)

The organization employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system

BrowseControl

  • Application blocker to employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system
  • Port filter to disable unneeded TCP/UDP ports at the endpoint level to reduce the attack surface of endpoints with access to the information system

CM-10 Software Usage Restrictions

The organization:

a. Uses software and associated documentation in accordance with contract agreements and copyright laws;

b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and

c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.

AccessPatrol

  • Monitor file transfers to and from removable storage devices for evidence of unlawful distribution or copying.

BrowseReporter

  • Track the use of software and SaaS platforms to monitor for overallocation, unauthorized use, and software that the organization does not have commercial licenses for

BrowseControl

  • Block network ports and applications associated with peer-to-peer file sharing technology.
  • Web category filter includes a database of known file hosting, song/movies download, and warez sites

CM-11 User-Installed Software

The organization:

a. Establishes [Assignment: organization-defined policies] governing the installation of software by users;

b. Enforces software installation policies through [Assignment: organization-defined methods]; and

c. Monitors policy compliance at [Assignment: organization-defined frequency].

AccessPatrol

  • Prevent users from transferring software executables to and from removable media devices

BrowseReporter

  • Track the use of software and SaaS platforms to monitor for high-risk shadow IT

BrowseControl

  • Application blocker to employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system
  • Block websites that are known to host executable files.
  • Block the download of executables from the internet
Requirement CurrentWare Modules & Features

Incident Response

IR-5 Incident Monitoring

The organization tracks and documents information system security incidents.

IR-5 (1)
The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.

BrowseReporter

  • Email alerts send user activity reports to a designated inbox when specified events occur
  • Dashboards provide access to raw data for further analysis
  • Capture screenshots of user desktops
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

AccessPatrol

  • Email alerts send user activity reports related to peripheral devices to a designated inbox when specified events occur
  • Dashboards provide access to raw data for further analysis
  • Uses the internal system clock of the CurrentWare Server’s host to generate timestamps for audit records

enPowerManager

  • Reports on logon and logoff times as well as PC power events (startup, shutdown, sleep, or hibernate)

CurrentWare Web Console

  • CurrentWare admin activity logs provide details of configuration changes to monitor for malicious or negligent admin activity within the CurrentWare Suite

 

Requirement CurrentWare Modules & Features

Media Protection

MP-7 Media Use:
The organization [Selection: restricts; prohibits] the use of [Assignment: organization-defined types of information system media] on [Assignment: organization-defined information systems or system components] using [Assignment: organization-defined security safeguards].

AccessPatrol

  • Block peripheral devices such as printers, scanners, cameras, Bluetooth, cell phones, USB removable storage devices, optical media, floppy disks, tape, and SD/MM cards.
  • Allowed list provides exemptions for authorized removable storage devices.

Learn More: Which devices can I control with AccessPatrol?

 

 

 

Requirement CurrentWare Modules & Features

Systems and Services Acquisition

SA-9 External Information System Services | Processing, Storage, and Service Location

The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions].

Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services.

The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. 

All data collected by the CurrentWare Suite is controlled and managed by the organization with no reliance on third-party data processors or controllers required.

 

The organization can host the data on-premises or with a trusted cloud services provider of their choice.

 

Requirement CurrentWare Modules & Features

System and Communications Protection

SC-43 Usage Restrictions

The organization:

a. Establishes usage restrictions and implementation guidance for [Assignment: organization-defined information system components] based on the potential to cause damage to the information system if used maliciously; and

b. Authorizes, monitors, and controls the use of such components within the information system.

Information system components include hardware, software, or firmware components (e.g., Voice Over Internet Protocol, mobile code, digital copiers, printers, scanners, optical devices, wireless technologies, mobile devices).

AccessPatrol

  • Users can be restricted from using printers, scanners, optical devices, wireless technologies, and mobile devices on managed devices.
  • Monitor the connection history of a variety of peripherals including portable storage, printers, scanners, optical devices, wireless technologies, and mobile devices on managed devices.

BrowseControl

  • Access to websites, applications, and network ports can be restricted.

BrowseReporter

  • Computer usage can be monitored including application usage, bandwidth consumption, and web browsing.

 

 

CASE STUDY

Viking Yachts Stops Departing Employee From Stealing Intellectual Property

CurrentWare saved us a lot of time and money. If we didn’t have them we would have never known what was going on. I cannot thank them enough for this software; being able to audit removable drives is invaluable.

Tennessee College of Applied Technology

Flexible Deployment Options

With CurrentWare’s cybersecurity, web filtering, data loss prevention, and user activity monitoring solutions you’re in complete control of how your data is stored, secured, and retained. Your employees' data cannot be accessed by CurrentWare.

hp-on-premise

On Premises

Keep Control of Your Data

 

Install the management software on a standard computer, then deploy the client software to your users' computers

hp-private-cloud

Remote Workers

Monitor & Manage on Any Network

 

Connect your remote employees’ computers to the management software with simple port forwarding rules

manage-remote-workers-and-users

Self-Managed Cloud & VDI

Citrix, Azure, AWS, GCP, and More!

 

Enjoy the scalability and availability of the cloud alongside the security, control, and flexibility of our on-premises solution

Free removable media policy template from CurrentWare

FREE DOWNLOAD
Removable Media Policy Template 

Download this data security policy template to prevent data leakage to USB flash drives and other removable storage devices.

  • Set data security standards for portable storage
  • Define the acceptable use of removable media
  • Inform your users about their security responsibilities

We’re Here to Help

The CurrentWare team prides itself on its high-quality customer support. We will support you every step of the way—whether you’re just starting your free trial or actively using CurrentWare in your network.

At CurrentWare, customer success is our priority at every stage of your journey. We take pride in providing high-quality and reliable pre and post-sale support to make your experience exceptional.

We offer the same level of high-quality support to all of our customers—no extra fees or packages necessary!

Mike Noseworthy
Customer Support Lead

Product Training

CurrentWare provides the documentation, training, and other resources you need to take full advantage of the capabilities of our products.

Technical Support

Our expert support team is here to help you. Reach out to us over email, live chat, or phone from 8:00 AM – 6:30 PM EST, Monday to Friday.

Check Out Our Great Reviews

This software helps us to achieve compliance with industry and government requirements with respect to controlling the use of removable storage media. It fits the bill perfectly.

Matthew W., Project Manager
Aviation & Aerospace Industry, 11-50 employees

In my nearly 40 years in the IT business I’ve worked with a lot of support teams. I really appreciate CurrentWare going the extra mile to help me get the most out of the product. They’ve definitely outweighed any of the other competitors that I’ve looked at.

Jerry Slocum, Managed Services Provider
Haggerty Auto Group, 150-200 Employees

The reports are very easy to understand and the fact that they can  be emailed to you on a schedule is amazing. Customer support has been fantastic every time I've had to reach out to them; I highly recommend them!

Kristen S., Associate IT Director
Specialty Coding Services Broker, 51-1000+ Employees

We have experienced data leaks by dishonest employees in the past and AccessPatrol has helped us avoid them and work with greater security and peace of mind for us and our customers.

Julio V., Head of Information Technology
Financial Services Industry, 10,001+ employees

CurrentWare Suite

Get all 4 modules for the best value or choose the exact solutions you need

Get Advanced Activity Insights

BrowseReporter is a versatile employee monitoring software to track productivity and efficiency.

  • Make informed decisions
  • Enforce company policies
  • Improve productivity
today's insights user score cards

Block Harmful Websites

BrowseControl is an easy-to-use website blocking software for restricting internet access.

  • Block URLs & categories
  • Block unwanted apps
  • Website allow & block lists
Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

Stop Data Theft to USB Devices

AccessPatrol is USB control software to protect sensitive data against theft to portable storage devices.

  • Block USB devices
  • USB file activity alerts
  • Block file transfers
AccessPatrol peripheral device permissions mockup block usb

Control PC Power States

enPowerManager is a remote PC power manager for centrally managing power settings across all endpoints.

  • Track logon and logoff times
  • Log PC power event history
  • Remotely shutdown PCs
Screenshot of enPowerManager's PC power schedule with weekly boot, restart, and shutdown events scheduled

CurrentWare Features

Internet Off

User Activity Monitoring

Track web browsing, software use, search queries, and more

Remote Screen Capture

Screenshot Monitoring

Take automatic screenshots or remotely view desktops

Application Blocker

Track Software Usage

Get insights into software usage trends in your organization

Stealth

Transparent & Stealth Modes

Run silently in the background or provide notice of monitoring

Block USB

Block USB & Other Devices

Set full access, read only or no access on storage devices

Allowed List

Device Whitelist

Allow only authorized storage devices to be used

Block Files

Block File Transfers

Prevent files from being transferred to portable storage

Reports

DLP Activity Reports

Track file transfers, storage device use, file operations, and more

Internet Off

Block Websites

Block websites based on
URLs & content categories

Download Filter
Block Downloads/Uploads

Prevent uploading and downloading based on file type

Application Blocker
Application Blacklisting

Block specific Windows
applications from launching

Internet Off

PC Power Management

Remotely track and control PC power states

Internet Off

Centralized Console

Manage all your users from the
centralized console with Active
Directory import or syncing

Internet Off

Platform Security

Protect your CurrentWare console
with 2FA, passwords, privilege
management, and more

Internet Off

Offsite Management

Extend onsite security policies to any remote computer running outside the corporate network

Internet Off

SQL Server Supported

Database scaled for enterprise and
large business operations using
Microsoft SQL Server

CurrentWare

Get Started Today
With a Free Trial

Fully functional. Easy to use. Install in minutes.

Learn How to Meet These
Compliance Requirements With CurrentWare

NERC CIP Compliance

Protect TCAs & BCSI From Insider Threats

Learn More

ISO 27001 Compliance

Critical Security Controls for Your ISMS

Learn More

CIPA Compliance for Education

Qualify for the FCC’s E-Rate program

Learn More

NIST logo

NIST 800-171 & 800-53

Protect Controlled Unclassified Information

Learn More

Meet NIST 800-53 & NIST 800-171 Compliance With CurrentWare