NIST 800-171 Simplified Checklist
Access Control – Logins, Remote Access, Monitoring
Awareness and Training – Ensure managers and team members of the organization are aware of the associated security risks and are trained.
Audit and Accountability – Create, protect and retain system audit records, enabling monitoring, analysis, investigation and reporting of unlawful, unauthorized or inappropriate system activities.
Configuration Management – Enforce security configuration settings on all information technology systems. Do an inventory of the organization's hardware. Always analyze the security impact of changes that are to be implemented. Establish and enforce security configuration
Identification and Authentication – Identify system users/processes, authenticate the identities of the users, enforce password complexity, and store and transmit cryptographically protected passwords.
Incident Response – Establish an incident-handling capability for organizational systems. Test. Adequate preparation, detection, analysis, containment, recovery, and user response.
Maintenance – Maintenance
Media Protection – Destroy and control access
Personnel Security – Individual security
Physical Security – Limit physical access to the organization's systems and equipment
Risk Assessment – Periodically assess the risk to organizational operations, assets and individuals. Scan for vulnerabilities in OU and Apps
Security Assessment – Develop and implement plans of action designed to correct deficiencies. Monitor security controls on an online basis and assess the security controls.
System and Communication Protection – Monitor, control and protect communication by having FIPS firewall, validated cryptography. Manage a key management system. Apply architectural designs, software development technologies (OWASP) and engineering principles
System and Information Integrity – Monitor systems and security alerts, perform periodic scans of the organization and real-time scans of files from external sources as files are downloaded, opened or executed.