NIST 800-171 refers to National Institute of Standards and Technology Special Publication 800-171, which governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. It is essentially a set of standards that define how to safeguard and distribute material deemed sensitive but not classified.
IS Decisions’ software UserLock directly addresses three high-priority security requirements of NIST 800-171: 3.1 Access Control, 3.3 Audit and Accountability, and 3.5 Identification and Authentication.
3.1 Access Control
- 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems)
- 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute
- 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs
UserLock enables the administrator to set granular access rights for different types of employees to ensure that they can only access the information they need to do their job. It allows you to record and report on all user connection events to provide a central audit across the whole network.
- 3.1.8 Limit unsuccessful logon attempts.
- 3.1.10 Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
- 3.1.11 Terminate (automatically) a user session after a defined condition.
UserLock can apply customized login restrictions by user, group or organizational unit (OU). Any logon attempts that don’t satisfy these conditions are automatically blocked. IT administrators can review and immediately block any suspect user accounts with just one click. This denies all further logon attempts and closes any existing sessions. They can also set an automatic forced logoff, on all locked or open machines, after a certain idle time. This includes remote desktop sessions opened by the domain user.
- 3.1.12 Monitor and control remote access sessions.
UserLock helps administrators manage and secure access for all users (remote or on-premises), without disturbing employees or upsetting the IT department.
3.3 Audit and Accountability
- 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
- 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
UserLock monitors, records and reports on every user connection event and logon attempt to a Windows domain network. You can get detailed and personalized reports to support forensic investigations.
The solution also helps administrators verify all users’ identity at any time, making users accountable for any activity — malicious or otherwise.
- 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
- 3.3.9 Limit management of audit logging functionality to a subset of privileged users.
UserLock offers granularity when setting permission rights for privileged users. Access to the different features is split into two privileges: ‘Read’, which displays the section information, and ‘Write’, which authorizes modifications.
3.5 Identification and Authentication
- 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.
- 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
UserLock makes it easy to verify the identity of all Active Directory accounts, whether privileged or non-privileged, and secure access to your network with Multifactor Authentication (MFA) on Windows logon, RDP and VPN connections.