NIST 800-172_3.14.3e

NIST 800-172

3.14 SYSTEM AND INFORMATION INTEGRITY

3.14.3e

Ensure that [Assignment: organization-defined systems and system components] are included in the scope of the specified enhanced security requirements or are segregated in purpose-specific networks.

Organizations may have a variety of systems and system components in their inventory, including Information Technology (IT), Internet of Things (IoT), Operational Technology (OT), and Industrial Internet of Things (IIoT). The convergence of IT, OT, IoT, and IIoT significantly increases the attack surface of organizations and provides attack vectors that are challenging to address. Compromised IoT, OT, and IIoT system components can serve as launching points for attacks on organizational IT systems that handle CUI. Some IoT, OT, and IIoT system components can store, transmit, or process CUI (e.g., specifications or parameters for objects manufactured in support of critical programs). Most of the current generation of IoT, OT, and IIoT system components are not designed with security as a foundational property and may not be able to be configured to support security functionality. Connections to and from such system components are generally not encrypted, do not provide the necessary authentication, are not monitored, and are not logged. Therefore, these components pose a significant cyber threat. Gaps in IoT, OT, and IIoT security capabilities may be addressed by employing intermediary system components that can provide encryption, authentication, security scanning, and logging capabilities—thus preventing the components from being accessible from the Internet. However, such mitigation options are not always available or practicable. The situation is further complicated because some of the IoT, OT, and IIoT devices may be needed for essential missions and business functions. In those instances, it is necessary for such devices to be isolated from the Internet to reduce the susceptibility to cyber-attacks. [SP 800-160-1] provides guidance on security engineering practices and security design concepts.

 


 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
