Streamlining Your Approach: Smart Choices for Defense Contractors Under NIST SP 800-171 R2

Updated: Nov 4, 2023

Defense companies face a unique set of challenges when it comes to cybersecurity. They must protect sensitive data, comply with stringent regulations, and do so in a way that is both efficient and cost-effective. With the publication of NIST SP 800-171 Revision 2, the bar for safeguarding Controlled Unclassified Information (CUI) has been set even higher. It is highly recommended that you "hit" as many controls as possible with each solution you implement. This helps defenders keep the information they need on a "single pane of glass" so they don't miss key information, and it helps keep costs down and SPRS scores up!

See below for two key control solutions: Endpoint Detection and Response (often referred to as EDR) and Security Information and Event Management (known as SIEM). These two solutions are the cornerstone of a robust cyber defense. By choosing them wisely, defense companies can ensure they are covered operationally while reducing both time to compliance and cost.

The Strategic Role of EDR in Compliance

A versatile EDR solution is more than just a line of defense against cyber threats; it is a multifaceted tool that can streamline compliance with NIST 800-171 R2. By selecting an EDR with capabilities that cover multiple controls, defense companies can save on both cost and complexity. When searching for an EDR (typically marketed as Next-Gen Anti-Virus software), look for the following features.

Endpoint Encryption Control: Encryption is a critical aspect of protecting CUI on endpoints. An EDR with built-in encryption control ensures data is secured at rest, directly addressing related NIST controls without the need for additional encryption software.

Application and Removable Media Control: EDR solutions can offer granular control over applications and removable media, which not only fortifies endpoints against unauthorized software and data exfiltration but also consolidates several NIST controls under one umbrella, simplifying management and oversight.

By requiring the above features, you knock out multiple non-antivirus controls with a single product, saving you from having to solve for them separately later on.

SIEM as a Compliance Multiplier

A sophisticated SIEM system can be a force multiplier for security and compliance efforts. By integrating a range of capabilities, a SIEM can cover a broad swath of NIST controls, reducing the need for specialized tools while providing defense teams with the insight they need to keep the organization safe. Look for the key features below to ensure you are getting the most out of your investment.

Endpoint Vulnerability Scanning: A SIEM that includes endpoint vulnerability scanning can contribute significantly to the Risk Assessment (RA) and Configuration Management (CM) families of NIST 800-171 R2, helping to identify and mitigate vulnerabilities before they can be exploited.

Breach Detection and Incident Response: SIEM systems are adept at detecting breaches and supporting swift incident response. With capabilities that align with the Incident Response (IR) family of NIST controls, a good SIEM can alert on irregularities indicative of a cybersecurity event.

System Baselining: This is an often-overlooked feature. By selecting a SIEM that can monitor for key system changes (OS versioning, installed software, services, privileged accounts and the like), you can establish system baselines and alert on drift from them, a control multiplier for the Configuration Management (CM) controls.

In addition, a SIEM that provides insight into system configurations and user activities can help manage the Configuration Assessment (CA) controls, ensuring that security configurations are maintained and monitored. The bottom line is this: a well-selected SIEM can knock out dozens of controls, because it has far-reaching security and monitoring capabilities. BUT this is only true if it is implemented properly and you select a product with the right features.
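To make the baselining idea concrete, here is an added example of the kind of drift check a SIEM's system-baselining feature performs. It is illustration code written for this page, not code from the post's author, from NexTier, or from any SIEM product. Both inventory snapshots are constructed inline, and the host names, field names and package versions are assumptions; a real deployment would feed the function the inventory an agent or scanner actually collects.

```python
"""Added example: detect drift from an approved system baseline.

Not part of the original post.  Two host inventory snapshots are constructed
below (the "baseline" an organisation approved, and the "current" state an
agent reported); compare_baseline() returns every deviation so it can be
reviewed against the NIST SP 800-171 Configuration Management (CM) family.
Host names, field names and versions are illustrative assumptions.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str    # e.g. "os_version", "packages_added", "services_removed"
    detail: str


# Constructed baseline: what each host is approved to look like.
BASELINE = {
    "ws-001": {
        "os_version": "10.0.19045",
        "packages": {"edr-agent 4.2", "office 16.0", "vpn-client 3.1"},
        "services": {"edr-agent", "wuauserv", "eventlog"},
        "local_admins": {"Administrator", "it-admin"},
    },
    "ws-002": {
        "os_version": "10.0.19045",
        "packages": {"edr-agent 4.2", "office 16.0"},
        "services": {"edr-agent", "wuauserv", "eventlog"},
        "local_admins": {"Administrator"},
    },
}

# Constructed current inventory, as a SIEM agent or scanner would report it.
CURRENT = {
    "ws-001": {
        "os_version": "10.0.19045",
        "packages": {"edr-agent 4.2", "office 16.0", "vpn-client 3.1",
                     "remote-tool 9.9"},           # unapproved software
        "services": {"edr-agent", "wuauserv", "eventlog"},
        "local_admins": {"Administrator", "it-admin", "jsmith"},  # new admin
    },
    "ws-002": {
        "os_version": "10.0.19044",                # older build than approved
        "packages": {"edr-agent 4.2", "office 16.0"},
        "services": {"wuauserv", "eventlog"},      # EDR service missing
        "local_admins": {"Administrator"},
    },
    "ws-003": {                                    # host nobody baselined
        "os_version": "10.0.19045",
        "packages": set(),
        "services": {"eventlog"},
        "local_admins": {"Administrator"},
    },
}

# Fields compared as sets; anything added or removed is reported.
SET_FIELDS = ("packages", "services", "local_admins")


def compare_baseline(baseline, current):
    """Return a list of Finding objects describing every deviation."""
    findings = []
    for host in sorted(set(baseline) | set(current)):
        if host not in baseline:
            findings.append(Finding(host, "unbaselined_host",
                                    "inventory reported but no approved baseline"))
            continue
        if host not in current:
            findings.append(Finding(host, "missing_host",
                                    "baselined host did not report an inventory"))
            continue
        exp, got = baseline[host], current[host]
        if exp["os_version"] != got["os_version"]:
            findings.append(Finding(host, "os_version",
                                    f"expected {exp['os_version']}, found {got['os_version']}"))
        for name in SET_FIELDS:
            for item in sorted(got[name] - exp[name]):
                findings.append(Finding(host, f"{name}_added", item))
            for item in sorted(exp[name] - got[name]):
                findings.append(Finding(host, f"{name}_removed", item))
    return findings


def summarize(findings):
    """Count findings per host, the figure a dashboard would surface first."""
    counts = {}
    for f in findings:
        counts[f.host] = counts.get(f.host, 0) + 1
    return counts


if __name__ == "__main__":
    for f in compare_baseline(BASELINE, CURRENT):
        print(f"{f.host:8} {f.kind:20} {f.detail}")
```

Each finding maps naturally onto a CM review item: an unapproved package or a new local administrator is a change that should have gone through change control, a missing EDR service means a protection gap, and a host with no baseline at all is itself a finding. A SIEM that produces this list continuously, rather than a one-off script, is what turns the baselining feature into a control multiplier.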

Integrating EDR and SIEM for Comprehensive Coverage

By carefully selecting an EDR solution with comprehensive control features and pairing it with a SIEM that offers extensive monitoring and detection capabilities, defense companies can cover an extensive range of NIST 800-171 R2 controls. This strategic approach not only ensures a robust security posture but also reduces the complexity typically associated with managing multiple security platforms.

But there is one more kicker... These solutions, even when well selected, can fall short of their potential. I have unfortunately seen numerous occasions where wildly expensive products were chosen and implemented, only to find out they were missing key features because they were not selected based on the "big picture". Even worse, I have seen amazing products selected that were implemented by inexperienced teams who missed out on integrations that could have provided better security coverage and met more compliance controls.

Please don't become the next example. Choose the right product the first time, and ensure your implementation plan covers your entire attack surface and as many controls as possible.

If this is something you are not comfortable doing, or if you would like to reach out and discuss more strategies for selecting solutions to your compliance needs, I am happy to help. I have over a decade of experience implementing NIST-compliant security controls. Whether you select solutions through NexTier, work with one of our partners, or choose to source your own solutions, I am happy to support you on your journey. Thanks for reading!

Keywords: NIST, 800-171, SPRS, SIEM, EDR, Anti-Virus
