Hello, and welcome to the NIST 800-171 Learning Path. My name is Dave Hurley, I'm your instructor for this class, and this is Course 2, Understanding and Implementing the 110 NIST 800-171 Requirements. As you know, there are 14 requirement families, and this is the final requirement family, 3.14, System and Information Integrity. This is all about ensuring that the systems that contain CUI are trustworthy and secure and the data has not been altered, and it has seven requirements.
The first requirement, 3.14.1, is identify, report, and correct system flaws in a timely manner. This is a basic requirement, and they tell you you need to ensure that you're addressing flaws discovered through security assessments, continuous monitoring, incident response, and error reporting, and they point to Special Publication 800-40 for guidance on patch management.
Requirement 3.14.2 is provide protection from malicious code at designated locations within organizational systems. What is a designated location? Well, that would be something like your firewall, for example, your entry and exit points. They say this is a basic requirement and you need to implement technologies to detect, block, and remove malware at entry and exit points, and they point you to Special Publication 800-83 for guidance on malware prevention.
3.14.3 is monitor system security alerts and advisories and take action in response. This is a basic requirement, and they tell you to use publicly available sources of security alerts and advisories from government agencies, folks like CSA, for example, and technology vendors, Microsoft, Google, etc., to maintain awareness of the current threat and vulnerability landscape.
3.14.4, update malicious code protection mechanisms when new releases are available. This is a derived requirement, and obviously, you want to make sure that you have the latest version of your endpoint protection software, antivirus, or anti-malware software, and that it's being updated regularly.
3.14.5, perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. This is a derived requirement. Again, you want to make sure that you have endpoint protection, a.k.a. antivirus or anti-malware software, that it's updated, and that it's scanning for malicious activity and anomalous behavior. Something like SentinelOne, Microsoft Defender, and something like Defender Advanced Threat Protection in the cloud.
You've got 3.14.6, monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. A derived requirement: you want to monitor events at your system boundaries, and you want to make sure that you're looking for unusual or unauthorized activities or malicious code. You can use tools like intrusion detection or intrusion prevention systems, SIEMs, and scanning tools to monitor for this activity and alert on it. This says, "System monitoring is an integral part of continuous monitoring and incident response programs." They point you to Special Publication 800-94 for guidance on intrusion detection and prevention systems.
Then the last control in this family, 3.14.7, identify unauthorized use of organizational systems. This is a derived requirement. They tell you to implement internal and external monitoring to detect unauthorized use of systems. Then, if such unauthorized use is detected, to follow the guidance in control 3.6.1, and they point you to NIST Special Publication 800-94, again, for guidance on intrusion detection and prevention systems.
That gets us through the seven requirements in this family. This is the last family of the 110 NIST 800-171 controls.
Thank you for watching this video, and I will see you in the next video.