How Covalence simplifies compliance: NIST SP 800-171

This blog is part of a series of posts to highlight how Field Effect’s flagship product, Covalence, can help our customers attain their compliance goals.

Whether it’s to mitigate risks, maintain a cyber insurance policy, fulfill a contractual requirement, or ensure the protection of employee and customer data, Field Effect knows how important it is for businesses to adhere to industry-standard compliance frameworks.

What is NIST SP 800-171?

NIST Special Publication (SP) 800-171 is a set of guidelines published by the US National Institute of Standards and Technology (NIST).

The framework’s full title “Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations,” speaks to its overarching goal: to describe a set of recommended security requirements to ensure that CUI held outside government networks is secured against disclosure and theft.

CUI includes a wide range of data including:

• Personally identifiable information (PII)
• Federal Contract Information (FCI)
• Critical infrastructure data
• Export-controlled information

The currently approved version (Revision 2) was released in 2020 and has 110 controls in 14 control families. An updated version, Revision 3, is expected for release later in 2023.

Is NIST SP 800-171 mandatory?

While the NIST SP 800-171 controls themselves are not mandated, there have been increasingly stringent government rules on applying them.

In 2020, the Department of Defense (DoD) implemented the Defense Federal Acquisition Regulation Supplement (DFARS) rule which required contractors and subcontractors to comply with the security controls outlined in NIST SP 800-171 to be eligible for DoD contracts.

As we mentioned in our recent blog on the Cybersecurity Maturity Model Certification (CMMC), organizations will need to mandate all 110 NIST SP 800-171 controls to achieve CMMC Level 2 and will require external verification of this by a third-party assessment organization (3PAO).

How can Covalence help?

Covalence, our holistic cybersecurity solution, empowers organizations to meet numerous NIST SP 8001-171 controls. Let’s look at a few examples.

Control 3.14.2

This control instructs organizations to “Provide protection from malicious code at designated locations within systems.”

The Covalence endpoint agent achieves this by providing a world-class anti-malware solution for servers and workstations running Windows, macOS, and supported versions of Linux. It easily deploys to enterprise assets and provides a combination of signature and heuristic-based analytics to detect both known and emerging threats.

Control 3.11.2

This control requires organizations to “Scan for vulnerabilities in systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.”

Covalence helps satisfy this control by monitoring networks, cloud applications, and endpoint devices to identify technical vulnerabilities, and when found provides detailed steps on how to address them.

Through our proprietary ARO (Actions, Recommendations, and Observations) reporting and endpoint rules, these vulnerabilities are easily visible for triaging in the Field Effect portal.

Control 3.14.6

This control calls for organizations to “Monitor systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.”

Covalence network sensors conduct full packet capture and deep inspection of all network traffic transiting them, helping our customers detect risks and threats at their network edge and other key locations.

Control 3.6.2

This control recommends that organizations “Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.”

The Covalence Suspicious Email Analysis Service (SEAS) helps satisfy this control by providing an Outlook plug-in that allows users to request automated analysis of suspicious emails to easily report security incidents.

In addition, Covalence AROs help organizations track and document cyber incidents, including their status and resolution time.

Integrated ARO mappings

Covalence users can enable their AROs to contain insights and mappings to the compliance frameworks they care most about. Reach out today to get the latest information on what mappings are available.

Here’s an example of what a Field Effect Insight would look like:

Simplify compliance with Covalence

We've created an easy-to-read mapping guide for NIST SP 800-171, which shows how Covalence aligns with specific sections of the standard.

This document is a great starting point to help you better understand the regulatory compliance landscape but, because every organization is different, we still recommend consulting with a regulatory auditor for your specific requirements.

Reach out to our team to get a copy of the NIST SP 800-171 Mapping Guide today.