NIST Compliance

This document describes how Endpoint Central can help enterprises meet specific requirements of NIST SP 800-171.

Compliance: NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication 800-171 is a set of security requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems. Any organization that stores, processes, or transmits CUI for the Department of Defense, NASA, or any other federal or state agency must comply with NIST 800-171.

Here is a detailed look at how Endpoint Central helps you achieve NIST 800-171 compliance.

S.No | Requirement Description | How Endpoint Central fulfills it
3.1 Access Control

3.1.1

Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).

Create local users and add them to a suitable group to provide them proper scope for systems using Endpoint Central’s user management configuration.

3.1.2

Limit system access to the types of transactions and functions that authorized users are permitted to execute.

Create local users and add them to a suitable group to provide them with the proper scope for systems using Endpoint Central’s user management configuration.

3.1.5

Employ the principle of least privilege, including for specific security functions and privileged accounts.

Using the Privileged Access Management solution, privileged user activity can be supervised with session shadowing capabilities and dual control on privileged access can be achieved. Local user accounts can be managed using user management configurations under Endpoint Central.

3.1.7

Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

Create local users and add them to a suitable group to provide them proper scope for systems using Endpoint Central’s user management configuration.

Endpoint Central has access to all systems’ Event Viewer to monitor the activities performed in each system. You can provide various category-based filters to monitor the required activities.

3.1.8

Limit unsuccessful logon attempts.

Deploy scripts that limit the number of unsuccessful logon attempts to all endpoints from a centralized console using Endpoint Central’s custom script configuration.

3.1.9

Provide privacy and security notices consistent with applicable CUI rules.

Endpoint Central's Legal Notice configuration lets you display important announcements and legal notices throughout the enterprise. The configured message is displayed whenever a user presses Ctrl+Alt+Del to log in.

3.1.10

Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.

Force the screen to sleep or hibernate after a specified period of inactivity with Endpoint Central’s power management configuration. You can also configure whether a password is required on wake.
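The same lock-after-inactivity control, shown as an added PowerShell example rather than Endpoint Central's own configuration: it sets the per-user screen saver to blank the screen and lock after a timeout, aligns the power plan's display and sleep timeouts with it, and requires a password on wake. The 15-minute value is a constructed placeholder; the power-plan commands need administrative rights.

```powershell
# Added example (not Endpoint Central's own code): the Windows settings behind 3.1.10.
# Blank the screen and lock after inactivity, and require the password on wake.
# The timeout is a constructed value; choose the one your policy requires.

$IdleSeconds = 900   # 15 minutes of inactivity before the lock screen

function Set-InactivityLock {
    param([int]$Seconds)

    # Per-user screen saver settings: enable it, set the timeout, require a password to resume
    $desktop = 'HKCU:\Control Panel\Desktop'
    Set-ItemProperty -Path $desktop -Name ScreenSaveActive    -Value '1'
    Set-ItemProperty -Path $desktop -Name ScreenSaveTimeOut   -Value "$Seconds"
    Set-ItemProperty -Path $desktop -Name ScreenSaverIsSecure -Value '1'
    # The built-in blank screen saver hides whatever was on screen ("pattern-hiding display")
    Set-ItemProperty -Path $desktop -Name SCRNSAVE.EXE -Value "$env:SystemRoot\System32\scrnsave.scr"

    # Power plan: turn the display off and sleep after the same interval, on AC and battery
    $minutes = [math]::Ceiling($Seconds / 60)
    powercfg /change monitor-timeout-ac $minutes
    powercfg /change monitor-timeout-dc $minutes
    powercfg /change standby-timeout-ac $minutes
    powercfg /change standby-timeout-dc $minutes
    # CONSOLELOCK is the "Require a password on wakeup" setting of the active scheme
    powercfg /setacvalueindex SCHEME_CURRENT SUB_NONE CONSOLELOCK 1
    powercfg /setdcvalueindex SCHEME_CURRENT SUB_NONE CONSOLELOCK 1
    powercfg /setactive SCHEME_CURRENT
}

function Test-InactivityLock {
    # Read the values back so the deployment can be verified and reported
    $d = Get-ItemProperty 'HKCU:\Control Panel\Desktop'
    [pscustomobject]@{
        ScreenSaverEnabled = $d.ScreenSaveActive -eq '1'
        TimeoutSeconds     = [int]$d.ScreenSaveTimeOut
        PasswordOnResume   = $d.ScreenSaverIsSecure -eq '1'
    }
}

Set-InactivityLock -Seconds $IdleSeconds
Test-InactivityLock
```

The HKCU values apply only to the user running the script; to enforce them for every user on a machine, the equivalent values under the Policies hive (or Group Policy) are the usual route, which the example does not cover.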

3.1.12

Monitor and control remote access sessions.

Block outbound remote control ports for specified users or computers using Endpoint Central’s firewall configuration to prevent unprivileged remote sessions.

3.1.13

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

Endpoint Central's Remote Control feature runs over HTTPS, protecting the confidentiality of remote access sessions.

3.1.15

Authorize remote execution of privileged commands and remote access to security-relevant information.

Deploy privileged commands to multiple computers and control systems' displays remotely from Endpoint Central’s centralized console.

3.1.18

Control connection of mobile devices.

Prevent unauthorized mobile devices from connecting to your organization’s network with Endpoint Central’s SCEP certificate distribution feature.

Deploy profiles to all mobile devices based on their platform to restrict mobile device usage including anonymous activities on them.

3.1.19

Encrypt CUI on mobile devices and mobile computing platforms.

Containerize CUI on mobile devices using Endpoint Central’s mobile device management capabilities. If any malicious activity, like data theft, is discovered, the device can be wiped remotely. Endpoint Central also provides the option to secure devices with passwords that adhere to predefined complexity requirements.

3.1.20

Verify and control/limit connections to and use of external systems.

Endpoint Central's Device Control Plus feature lets you restrict the use of USB devices. By assigning strict device policies, you can instantly identify the devices connected to your endpoints.

3.1.21

Limit use of portable storage devices on external systems.

Endpoint Central's Device Control Plus feature lets you restrict the use of USB devices and other portable storage devices to prevent theft of the CUI stored on systems.

3.1.22

Control CUI posted or processed on publicly accessible systems.

Restrict users from publicly posting CUI via a browser by blacklisting websites or website groups with Endpoint Central’s browser management feature.

Endpoint Central's app control feature helps to authorize only approved software to run in your publicly accessible systems. The Device Control Plus feature helps block/unblock removable storage devices in publicly accessible systems, keeping your organization's systems secure.

3.3 Audit and Accountability

3.3.1

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

Endpoint Central has access to all systems’ Event Viewer to monitor the activities performed in each system. You can also provide various category-based filters to monitor the required activities.

3.3.2

Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions.

Endpoint Central provides a User Logon Report to track user login and logoff history on the managed endpoints. Actions performed by the admin and technicians in the product's web console are logged for auditing.

3.3.3

Review and update logged events.

Endpoint Central has access to all systems’ Event Viewer to monitor the activities performed in each system. You can also provide various category-based filters to monitor the required activities.
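Requirements 3.1.7, 3.3.1 and 3.3.3 all come down to the same task: filtering the Security event log for the privileged-function and logon events worth reviewing. As an added example, not Endpoint Central's own code or filter definitions, the PowerShell below does that on a single Windows endpoint with Get-WinEvent, using the same log, event-ID and time filters the Event Viewer offers, and returns one record per event so the result can be exported as an audit record. It assumes administrative rights; the 24-hour window and the ignored built-in accounts are assumptions.

```powershell
# Added example (not Endpoint Central's own code): collect the Security-log events that
# record privileged activity and failed logons, filtered by ID and time window.
# Event IDs used (standard Windows Security auditing):
#   4672 - Special privileges assigned to new logon (an admin-level account signed in)
#   4688 - A new process has been created (needs "Audit Process Creation" enabled)
#   4625 - An account failed to log on

# Without this subcategory enabled, 4688 is never written, so enable it first.
auditpol /set /subcategory:"Process Creation" /success:enable | Out-Null

function Get-PrivilegedActivity {
    param(
        [int]$Hours = 24,
        [string[]]$IgnoreAccounts = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4672, 4688, 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # EventData is easier to read from the XML view than from the message text
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # 4625 records the account that failed as the target; the others record the acting account
        $account = if ($_.Id -eq 4625) { $data['TargetUserName'] } else { $data['SubjectUserName'] }
        # Skip service accounts and computer accounts (names ending in $) to reduce noise
        if ($IgnoreAccounts -contains $account -or $account -like '*$') { return }

        $detail = switch ($_.Id) {
            4672 { 'Privileged logon (special privileges assigned)' }
            4688 { "Process created: $($data['NewProcessName'])" }
            4625 { "Failed logon, status $($data['Status'])" }
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Account = $account
            Detail  = $detail
        }
    }
}

# Review the last 24 hours, then summarize per account for the audit record
$events = Get-PrivilegedActivity -Hours 24
$events | Sort-Object Time | Format-Table -AutoSize
$events | Group-Object Account | Sort-Object Count -Descending | Format-Table Name, Count
```

Export-Csv on `$events` gives a file that can be retained as the audit record; 4688 is noisy on busy hosts, so in practice the window or the ignore list is tuned per host group.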

3.4 Configuration Management

3.4.1

Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.

Endpoint Central can maintain an inventory of organizational systems, including hardware and software. You can deploy a baseline configuration to systems using Endpoint Central.

3.4.2

Establish and enforce security configuration settings for information technology products employed in organizational systems.

Deploy security policies in endpoints with Endpoint Central’s security policy configuration.

Identify security misconfigurations in systems and remediate them from a centralized console with Endpoint Central’s Vulnerability Manager feature.

Blacklist or whitelist applications and stand-alone EXEs with Endpoint Central’s app control feature to prevent unauthorized applications from performing malicious activities.

Secure browser usage in your organization’s systems using Endpoint Central’s browser management feature.

Encrypt the hard drives of your organization’s systems with Endpoint Central’s BitLocker Management feature.

Secure your systems by allowing or blocking removable and portable devices using Endpoint Central’s Device Control Plus feature.

3.4.3

Track, review, approve or disapprove, and log changes to organizational systems.

Endpoint Central's Vulnerability Manager Plus feature periodically scans systems to identify security misconfigurations and remediate them in a single click. All hardware and software changes are tracked in a timely manner, as are patches and software updates. You can remediate unwanted changes by deploying configurations.

3.4.4

Analyze the security impact of changes prior to implementation.

Endpoint Central's Test and Approve feature under Patch Management lets you check a patch's compatibility with the systems in your network before deploying it. Endpoint Central also supports test deployment to specific targets for other modules, such as configurations and software deployment.

3.4.5

Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.

Enforce logical restrictions catering to your needs using the various User Configurations settings found under Endpoint Central's configuration module.

3.4.6

Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.

Endpoint Central's Application Control Plus feature performs privilege bracketing for applications and their privileged access, which lets enterprises establish the principle of least privilege (POLP) without a drop in productivity.

3.4.7

Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

Blacklist or whitelist applications and stand-alone EXEs to prevent unauthorized applications from performing malicious activities using Endpoint Central’s app control feature.

Block or allow specific ports in both inbound and outbound connections with Endpoint Central’s firewall configuration.

Delete unapproved services from all machines using Endpoint Central’s service configuration.

Restrict the use of portable storage devices and Bluetooth with Endpoint Central’s Device Control Plus feature to avoid theft of CUI stored in machines.
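One way to carry out the port-blocking and service-removal steps of 3.1.12 and 3.4.7 on a Windows endpoint, as an added example that is not Endpoint Central's own code: the port list and service names are constructed illustrations and the rule names are arbitrary. It creates the outbound block rules idempotently, stops and disables the listed services, and reports the resulting state so the baseline can be verified after deployment. It assumes administrative rights.

```powershell
# Added example (not Endpoint Central's own code): enforce outbound remote-control port
# blocks and remove nonessential services, then report the resulting state.
# The ports and service names below are constructed for illustration; use your baseline's.

# Outbound remote-control ports to block for this host group (3.1.12)
$BlockedOutboundPorts = @(
    @{ Name = 'RDP';    Protocol = 'TCP'; Port = 3389 },
    @{ Name = 'VNC';    Protocol = 'TCP'; Port = 5900 },
    @{ Name = 'Telnet'; Protocol = 'TCP'; Port = 23 }
)

# Services this baseline considers nonessential (3.4.7)
$UnapprovedServices = @('RemoteRegistry', 'SNMP', 'SSDPSRV')

function Get-RuleName {
    param([hashtable]$Rule)
    "Baseline - Block outbound $($Rule.Name) ($($Rule.Protocol)/$($Rule.Port))"
}

function Set-OutboundPortBlock {
    param([hashtable]$Rule)
    $name = Get-RuleName -Rule $Rule
    # Idempotent: only create the rule if it is not already present
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
            -Protocol $Rule.Protocol -RemotePort $Rule.Port -Profile Any | Out-Null
    }
}

function Disable-UnapprovedService {
    param([string]$ServiceName)
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) { return "$ServiceName : not installed" }
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $ServiceName -Force }
    Set-Service -Name $ServiceName -StartupType Disabled
    # sc.exe delete removes the service registration outright, as the page describes;
    # disabling first keeps the change reversible while the baseline is being tested.
    # sc.exe delete $ServiceName
    return "$ServiceName : stopped and disabled"
}

function Test-Baseline {
    # One line per control, suitable for collection as a compliance report
    $results = @()
    foreach ($r in $BlockedOutboundPorts) {
        $name = Get-RuleName -Rule $r
        $present = [bool](Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
        $results += "Firewall rule '$name': $(if ($present) { 'present' } else { 'MISSING' })"
    }
    foreach ($s in $UnapprovedServices) {
        $svc = Get-Service -Name $s -ErrorAction SilentlyContinue
        if ($svc) { $results += "Service $s : $($svc.Status), startup $($svc.StartType)" }
    }
    $results
}

foreach ($rule in $BlockedOutboundPorts) { Set-OutboundPortBlock -Rule $rule }
foreach ($svc in $UnapprovedServices) { Disable-UnapprovedService -ServiceName $svc }
Test-Baseline
```

Blocking on the destination port (`-RemotePort`) is what stops an outbound remote-control session; the inbound equivalent uses `-Direction Inbound -LocalPort`.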

3.4.8

Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.

Blacklist or whitelist applications across your organization or only for a specific group with Endpoint Central’s app control feature.

3.4.9

Control and monitor user-installed software.

Endpoint Central provides a Self-Service Portal through which you publish software to target users or computers. Unlike manual software deployment, you publish a list of software to a group of target users or computers, and users install what they need from it. The Application Control Plus feature lets you associate an application blacklist with different custom groups, taking each user’s role in the enterprise into account.

3.5 Identification and Authentication

3.5.1

Identify system users, processes acting on behalf of users, and devices.

Endpoint Central's System Manager enables administrators to perform various system management tasks, such as viewing the list of users on the managed computers. Endpoint Central also lists the devices associated with each computer and lets you enable or disable the drivers for those devices.

System users, processes, and services running on the machines can be identified and viewed using Endpoint Central. Common device identifiers such as MAC and IP addresses are available.

Custom fields can be added, and endpoints can be marked with different identifiers according to your requirements.

3.5.2

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational systems.

The list of users of the managed computers and the devices associated with them is available under Tools > System Manager. System Manager also lists the processes running on systems, which can be terminated or managed as required. Privileged access can be enabled using the MDM and Application Control modules.

3.5.7

Enforce a minimum password complexity and change of characters when new passwords are created.

Enforce password complexity using a custom script in Endpoint Central.
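Requirements 3.1.8 and 3.5.7 are both local account-policy settings. As an added example, not a script supplied by Endpoint Central, the PowerShell below writes those settings with secedit and reads the lockout values back with net accounts so the deployment can be verified. The numeric values are constructed placeholders; on domain-joined systems, Group Policy overrides these local settings. It assumes administrative rights.

```powershell
# Added example (not Endpoint Central's own code): apply the local account policy behind
# 3.1.8 (lockout after repeated failures) and 3.5.7 (password complexity) with secedit,
# then read the result back. Values are constructed; set them to your own policy.

$Policy = @{
    LockoutBadCount       = 5      # failed attempts before lockout (3.1.8)
    LockoutDuration       = 15     # minutes the account stays locked
    ResetLockoutCount     = 15     # minutes before the failed-attempt counter resets
    MinimumPasswordLength = 14
    PasswordComplexity    = 1      # require mixed character classes (3.5.7)
    PasswordHistorySize   = 24     # prevents reuse of recent passwords
}

function Set-LocalAccountPolicy {
    param([hashtable]$Settings)
    $inf = Join-Path $env:TEMP 'account-policy.inf'
    $db  = Join-Path $env:TEMP 'account-policy.sdb'

    # secedit reads a Unicode INF; the [System Access] section holds the account policy keys
    $lines = @('[Unicode]', 'Unicode=yes', '[System Access]')
    foreach ($k in $Settings.Keys) { $lines += "$k = $($Settings[$k])" }
    $lines += @('[Version]', 'signature="$CHICAGO$"', 'Revision=1')
    $lines | Set-Content -Path $inf -Encoding Unicode

    secedit /configure /db $db /cfg $inf /areas SECURITYPOLICY /quiet | Out-Null
    Remove-Item $inf, $db -ErrorAction SilentlyContinue
}

function Get-LocalAccountPolicy {
    # Parse the "Name:   value" lines of net accounts into a hashtable for verification
    $result = @{}
    foreach ($line in (net accounts)) {
        if ($line -match '^(.+?):\s+(.+)$') { $result[$matches[1].Trim()] = $matches[2].Trim() }
    }
    $result
}

Set-LocalAccountPolicy -Settings $Policy
$current = Get-LocalAccountPolicy
"Lockout threshold:          $($current['Lockout threshold'])"
"Lockout duration (minutes): $($current['Lockout duration (minutes)'])"
"Minimum password length:    $($current['Minimum password length'])"
```

net accounts does not display the complexity flag; to verify PasswordComplexity, export the policy again with `secedit /export /cfg <file>` and inspect the [System Access] section.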

3.5.9

Allow temporary password use for system logons with an immediate change to a permanent password.

The User Management Configuration of Endpoint Central allows you to define the scope of a user and specify a username and password.

3.7 Maintenance

3.7.1

Perform maintenance on organizational systems.

Endpoint Central offers configurations that help you manage applications, system settings, desktop settings, and security policies. It also offers a wide range of tools for troubleshooting and maintaining organizational systems.

3.7.5

Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

Endpoint Central provides multi-factor authentication in the form of two-factor authentication. When two-factor authentication is enabled, users are prompted to enter a one-time password (OTP) along with their regular password. Endpoint Central supports two modes: email and Google Authenticator. The Remote Desktop Sharing feature in Endpoint Central lets you access remote computers in a network, which can be used for nonlocal maintenance.

3.7.6

Supervise the maintenance activities of maintenance personnel without required access authorization.

Utilize Endpoint Central's remote control, with a view-only mode option, to supervise maintenance personnel’s activity on endpoints.

3.8 Media Protection

3.8.1

Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital.

Restrict the use of removable storage media using Endpoint Central's Device Control Plus feature.

3.8.2

Limit access to CUI on system media to authorized users.

Control, block, and monitor USB and peripheral devices using Endpoint Central's Device Control Plus feature. The Drive Mapping configuration in Endpoint Central lets you map a remote network resource to user machines, simplifying controlled access to shared storage.

3.8.3

Sanitize or destroy system media containing CUI before disposal or release for reuse.

Delete files that contain CUI from your organization’s systems with Endpoint Central’s file folder operation.

3.8.5

Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.

ManageEngine's Device Control Plus feature lets you manage USB devices and provides file tracing and file shadowing, which give you flexible yet extensive control over file operations. It helps you apply policies that manage and protect all data traveling within or across network perimeters. Shares and network drives can be managed using the Drive Mapping configuration in Endpoint Central.

3.8.7

Control the use of removable media on system components.

Control the use of all types of removable media with more advanced options using Endpoint Central’s Device Control Plus feature.

3.8.9

Protect the confidentiality of backup CUI at storage locations.

Protect the CUI backups stored on systems by encrypting the hard drives that hold those backups using Endpoint Central’s BitLocker Management module.

3.9 Personnel Security

3.9.2

Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.

Remotely wipe systems in case of personnel terminations and transfers with Endpoint Central’s remote wipe capability. Before wiping the data, you can back up the folder using the product’s folder backup configuration. You can also move those backup files to the secured systems repository using the file folder configuration.

3.11 Risk Assessment

3.11.1

Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.

Each Endpoint Central module has predefined reports, so you can audit information about your organization’s systems and take further action to strengthen the security of CUI. The security features report the status of your systems in built-in reports; after reviewing the systems’ security health, you can perform the necessary actions directly from the reports.

3.11.2

Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.

Endpoint Central’s Vulnerability Manager feature scans your organization’s systems periodically to discover software vulnerabilities and remediate them through patching. It also finds security misconfigurations and allows you to remediate them in bulk through a centralized console.

3.11.3

Remediate vulnerabilities in accordance with risk assessments.

Endpoint Central's Vulnerability Manager feature periodically scans systems to discover vulnerabilities and remediate them through patching, helping to reduce risk.

Vulnerability Manager also finds security misconfigurations in organizational systems and allows you to remediate them in bulk through a centralized console.

3.12 Security Assessment

3.12.1

Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.

Each of Endpoint Central's modules offers predefined reports that help you audit information about organizational systems and take further action to strengthen the security of CUI. The security features report the status of your organization’s systems in built-in reports; review your systems’ security health and perform the necessary actions directly from the reports.

3.12.2

Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

Identify vulnerabilities with periodic scanning and correct deficiencies by deploying missing patches to systems using Endpoint Central’s patching capability. Endpoint Central's Vulnerability Manager Plus feature finds security misconfigurations in your organization’s systems and allows you to remediate them in bulk through a centralized console.

3.12.3

Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.

Endpoint Central reports the security status of the endpoints managed in your network, which helps you monitor the controls and confirm that they do not lose effectiveness over time.

3.13 System and Communications Protection

3.13.1

Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.

Endpoint Central's firewall configuration lets you block or allow inbound and outbound communications on systems over specified ports, which reduces the attack surface exposed by unneeded open ports.

3.13.4

Prevent unauthorized and unintended information transfer via shared system resources.

Endpoint Central provides data access control information, including the folders that are shared with various permission levels. Permission management helps revoke permissions for those folders.

3.13.16

Protect the confidentiality of CUI at rest.

Endpoint Central provides information on which folders are shared with what level of permissions. This data access control information helps mitigate the risk of CUI being shared with full or write-level permission.

Encrypt your systems’ hard disks with Endpoint Central’s BitLocker Management module to ensure the CUI stored on those systems is secure.

3.14 System and Information Integrity

3.14.1

Identify, report, and correct system flaws in a timely manner.

Identify systems with security misconfigurations and missing patches, service packs, and antivirus definition updates with Endpoint Central’s vulnerability scanning, and remediate these flaws from a centralized console.

3.14.3

Monitor system security alerts and advisories and take actions in response.

Endpoint Central provides event logs (classified as errors, information messages and warnings) which help in auditing and troubleshooting. Using the vulnerability module gives you an assessment of the security posture of the managed endpoints.

3.14.6

Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

Block or allow inbound and outbound connections on systems with Endpoint Central’s firewall configuration; this reduces the attack surface exposed by unneeded open ports.

3.14.7

Identify unauthorized use of organizational systems.

Track the use of USB devices on each system using Endpoint Central’s USB audit feature. Detect systems that contain unapproved applications and uninstall that software using Endpoint Central.