For our final installment of the “DFARS In Depth” series, we’ll cover the last of the fourteen security requirement families in NIST SP 800-171 -- System and Information Integrity.
While you may have spent fantastic amounts of time and energy securing your systems, the requirements in this family remind us that security is an ongoing process, which requires constant monitoring and adjustment. Meeting the requirements of system and information integrity means that you’ll have implemented a process of continuous evaluation and improvement of your security posture.
System and Information Integrity - Basic Requirements
The first two basic requirements of this family are important steps for every system administrator:
- Identify, report, and correct system flaws in a timely manner.
- Monitor system security alerts and advisories and take action in response.
“System flaws” most often take the form of vendor-reported security vulnerabilities. It’s important to monitor a source like the Common Vulnerabilities and Exposures (CVE) database for reports on the software, hardware, and systems that you support -- and to patch or otherwise remediate any vulnerabilities as soon as possible. Additionally, US government organizations like US-CERT periodically publish security advisories that you will need to triage and act on.
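One way to operationalize the “identify, report, and correct in a timely manner” part of this requirement, as an added example that is not part of the original post: a Python triage routine that matches published advisories against an asset inventory and assigns each finding a remediation deadline by severity. The advisory format, product names, CVE ids and SLA values are all constructed placeholders, not the real NVD schema or any organization’s policy.

```python
# Added example (not from the original post): triage vulnerability advisories
# against an asset inventory and assign remediation deadlines.  Advisories,
# inventory and SLA values are constructed stand-ins, not the real NVD schema.
from collections import namedtuple
from datetime import date, timedelta

SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}  # constructed policy
Finding = namedtuple("Finding", "cve host product cvss due")  # due = remediation deadline

def severity(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative severity band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    return "medium" if cvss >= 4.0 else "low"

def triage(advisories, inventory, published: date):
    """Match advisories (cve, product, affected versions, cvss) to inventory
    (host, product, version); return findings, highest CVSS and earliest due first."""
    findings = []
    for adv in advisories:
        deadline = published + timedelta(days=SLA_DAYS[severity(adv["cvss"])])
        for host, product, version in inventory:
            if product == adv["product"] and version in adv["affected"]:
                findings.append(Finding(adv["cve"], host, product, adv["cvss"], deadline))
    return sorted(findings, key=lambda f: (-f.cvss, f.due))

def overdue(findings, today: date):
    """Findings whose remediation deadline has already passed."""
    return [f for f in findings if f.due < today]

# Constructed sample data: placeholder CVE ids and product names, not real ones.
SAMPLE_ADVISORIES = [
    {"cve": "CVE-0000-0001", "product": "examplehttpd", "affected": {"2.4.1", "2.4.2"}, "cvss": 9.8},
    {"cve": "CVE-0000-0002", "product": "exampledb", "affected": {"13.1"}, "cvss": 5.3},
    {"cve": "CVE-0000-0003", "product": "examplehttpd", "affected": {"2.3.0"}, "cvss": 7.5},
]
SAMPLE_INVENTORY = [("web01", "examplehttpd", "2.4.2"),
                    ("web02", "examplehttpd", "2.5.0"),  # runs a version not listed as affected
                    ("db01", "exampledb", "13.1")]

def demo(published=date(2024, 1, 1), today=date(2024, 1, 10)):
    """Run the triage on the constructed data; returns (all findings, overdue ones)."""
    report = triage(SAMPLE_ADVISORIES, SAMPLE_INVENTORY, published)
    return report, overdue(report, today)
```

Feeding the same routine from a real advisory feed and a real inventory gives you the “report” half of the requirement as a dated, prioritized list, and the overdue list is the check that “timely” is actually being met.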
- Provide protection from malicious code at designated locations within organizational systems.
Malware scanning isn’t only applicable to endpoints. Modern firewalls and IDS/IPS devices can scan traffic in real time for signs of malicious code, as well as for connections to known-hostile addresses. Email and web traffic should be scanned for malicious code too, helping to head off potential infections before they reach your clients or servers.
System and Information Integrity - Derived Security Requirements
The derived security requirements mainly elaborate on the mechanisms required to protect your systems from malicious activity:
- Update malicious code protection mechanisms when new releases are available.
- Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.
- Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
- Identify unauthorized use of organizational systems.
The first two requirements -- automatic definition updates and scheduled and real-time virus scanning -- can seem rather basic to most experienced administrators. But it’s important to verify these mechanisms and make sure that they’re working as expected.
The next two requirements again deal with network monitoring as well as general log auditing. There are a variety of systems that can be used for this purpose, but the point is to get them to deliver quality, actionable data that you can use to ensure that your systems are secure. A system that constantly raises false alerts will quickly be ignored, while one that doesn’t alert when needed can be even worse.
So that brings our series on DFARS and CMMC to a close. If you have any questions about how to get your systems compliant, consider partnering with a trusted managed service provider (MSP) like E-N Computers. Our expert system administrators can help you to build a secure, stable network and help you focus on your business.