Automating NIST SP 800-171 Requirements with Tenable.sc

Streamline and simplify the process of continually assessing and reporting on compliance with NIST 800-171 technical controls

This paper provides insight into the ways Tenable.sc (formerly SecurityCenter) streamlines conformance with NIST 800-171 requirements. It does this by automating continuous monitoring and reporting capabilities which let you effectively measure, assess, visualize and communicate adherence with NIST 800-171 technical controls.

The paper includes an appendix outlining many of the ways Tenable.sc supports the 14 security control families outlined in NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” These include:

• Access Control
• Media Protection
• Awareness and Training
• Personnel Security
• Audit and Accountability
• Physical Protection
• Configuration Management
• Risk Assessment
• Identification and Authentication
• Security Assessment
• Incident Response
• System and Communications Protection
• Maintenance
• System and Information Integrity

Beyond automating technical controls, the paper explores how SecurityCenter Continuous View supports your NIST 800-171 reporting requirements for communicating with technical teams, management and auditors through dynamically generated dashboards, reports and Assurance Report Cards (ARCs).