Benchmark: NIST 800-172
To obtain the latest version of the official guide, please visit https://csrc.nist.gov/pubs/sp/800/172/final.
Overview
NIST Special Publication (SP) 800-172 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity, and availability of controlled unclassified information (CUI) in nonfederal systems and organizations from the advanced persistent threat (APT) when the CUI is associated with a critical program or high value asset. The APT is an adversary that possesses sophisticated levels of expertise and significant resources that allow it to achieve its objectives by using both cyber and physical attack vectors. The objectives of the APT include establishing and extending footholds within the infrastructure of the targeted organization for the purposes of exfiltrating information; undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The APT pursues its objectives repeatedly over an extended period, adapts to defenders’ efforts to resist it, and is determined to maintain the level of interaction needed to execute its objectives.
The enhanced security requirements provide the foundation for a multidimensional, defense-in-depth protection strategy through (1) penetration-resistant architecture, (2) damage-limiting operations, and (3) designing for cyber resiliency and survivability that support and reinforce one another. This strategy recognizes that, despite the best protection measures implemented by organizations, the APT may find ways to breach primary boundary defenses and deploy malicious code within a defender’s system. When this situation occurs, organizations must have access to additional safeguards and countermeasures to outmaneuver, confuse, deceive, mislead, and impede the adversary—that is, to take away the adversary’s tactical advantage and protect and preserve the organization’s critical programs and high value assets.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select NIST 800-172.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_172
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_172 --share
Benchmarks
- 3.1 Access Control
- 3.4 Configuration Management
- 3.5 Identification and Authentication
- 3.11 Risk Assessment
- 3.13 System and Communications Protection
- 3.14 System and Information Integrity