This table defines the NIST rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.
| Rule | Description | Validation |
|---|---|---|
| Choose a DLP rule to restrict public sharing of CUI. | To guard against unauthorized access to CUI: | If the DLP rule exists and is enabled and there are no existing public shares, status is OK; if not, or if modifications to the rule allow public shares, status is Issues. |
| Configure password settings to limit unsuccessful logon attempts. | To set a limit on unsuccessful logon attempts: | If the Incorrect Password Attempts Before Account Lockout setting is set as indicated, status is OK; if not, status is Issues. |
| Set up a workflow that blocks the connection of a new mobile device until it is approved. | To set up a workflow to block the connection of a new mobile device: | If the workflow does not exist or is not enabled, status is Issues. |
| Set the audit log level. | To monitor log-in attempts: | If Audit Log Level is set to OFF, status is Issues. |
| Confirm admin knows how to use and manage audit reports. | Enable this rule to confirm that admin understands audit logs and has a process to regularly review audit records and remove unwanted records. | None |
| Confirm admin understands how to disable the deletion of audit records. | To disable deletion of audit records, see Delete Audit Log Entries. | None |
| Give at least one admin user access to the Audit Reports. | To enable at least one admin user to access the Audit Reports: | If one or more users have access to the Audit Reports, status is OK; if not, status is Issues. |
| Confirm admin understands security settings and knows how to implement reCaptcha, 2FA, and password policies. | Enable this rule to confirm that admin can implement reCaptcha, 2FA, and password policies. | None |
| Confirm admin knows how to disable or change non-essential ports and services. | Enable this rule to confirm that admin can disable or change non-essential ports and services. For information about changing default port or web server settings in FileCloud, see Changing a Default Port or Web Server Setting. | None |
| Configure and enable the Authentication Type as Active Directory or LDAP, or enable SSO. | To authenticate users during login: To enable SSO, see: | If Authentication Type is set to Default and SSO is not enabled, status is Issues. |
| Set up strong password management. | To set regulations for strong password management: | If the password settings are set as indicated, status is OK; if not, status is Issues. |
| Disallow the reuse of previous passwords. | To disallow the reuse of previous passwords: | If Number of previous passwords that cannot be reused is set as indicated, status is OK; if not, status is Issues. |
| Require new accounts to change passwords. | To require new accounts to change passwords: | If New accounts must change password is set as indicated, status is OK; if not, status is Issues. |
| Confirm admin knows how to use audit, alerts, violation reports, and event reports to create notification reports. | Enable this rule to confirm that admin knows how to use audit logs, alerts, and violation reports to generate breach notifications. | None |
| Configure antivirus protection against malicious file uploads. | To protect CUI from malicious file uploads: | If Antivirus is configured, status is OK; if not, status is Issues. |
| Choose a metadata set to classify controlled unclassified information. | To indicate which files are CUI, click the edit button and select a metadata set with a tag for identifying them. | If the metadata set exists and is enabled, status is OK; if not, status is Issues. |
| Configure and enable encryption. | To maintain security, configure storage encryption. See Setting Up Managed Storage Encryption in the support documentation. | If storage is not fully encrypted or any existing files are not fully encrypted, status is Issues. |
| Give at least one user in an admin role access to the Compliance Center. | To enable at least one user to manage the Compliance Center: | If one or more users have access to the Compliance Center, status is OK; if not, status is Issues. |
| Choose a DLP rule that only allows private sharing. | To guard against unauthorized access to CUI: | If the DLP rule exists and is enabled and there are no existing public shares, status is OK; if not, or if modifications to the rule allow public shares, status is Issues. |
| Set session timeout for the user portal. | To confirm automatic logoff of sessions: | If Session Timeout is set to 0 or empty, status is Issues. |
| Confirm decryption keys are confidential. | To confirm that decryption keys are confidential, enable this rule. | None |
| Enable Governance Report Email to send the admin an email reminder to check audit logs, reports, and security issues regularly. | To implement procedures to regularly review records such as audit logs and violation reports: | If the Send daily governance report to admin setting is enabled, status is OK; if not, status is Issues. |
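The Validation column above describes each check only in prose. The following is an added example, not FileCloud's own code or API: a small evaluator that encodes several of those validation rules as functions and runs them over a constructed configuration snapshot, so the three possible outcomes (OK, Issues, and None for attestation-only rules) and the edge cases the table calls out (a session timeout that is empty rather than 0, a DLP rule that exists but has been modified to allow public shares, Default authentication rescued by SSO) are visible. All configuration keys, rule names, and the numeric thresholds standing in for "set as indicated" are assumptions made for this example.

```python
"""Evaluate compliance-style validation rules over a configuration snapshot.

Added example, not FileCloud code. Every config key, rule name and threshold
below is an assumption constructed for illustration; the decision logic
follows the Validation column of the table.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Config = Dict[str, object]

# The page says these settings must be "set as indicated" without giving the
# values, so these thresholds are assumed placeholders, not FileCloud defaults.
MAX_FAILED_LOGON_ATTEMPTS = 5
MIN_PASSWORD_HISTORY = 1


@dataclass
class Rule:
    name: str
    check: Optional[Callable[[Config], bool]]  # None => attestation-only rule

    def evaluate(self, cfg: Config) -> str:
        if self.check is None:
            return "None"          # nothing is validated automatically
        return "OK" if self.check(cfg) else "Issues"


def dlp_blocks_public_sharing(cfg: Config) -> bool:
    """Rule exists, is enabled, was not modified to allow public shares,
    and no public shares currently exist."""
    rule = cfg.get("dlp_rule")
    if not rule or not rule.get("enabled") or rule.get("allow_public_shares"):
        return False
    return cfg.get("public_share_count", 0) == 0


def lockout_configured(cfg: Config) -> bool:
    attempts = cfg.get("incorrect_password_attempts_before_lockout")
    return isinstance(attempts, int) and 0 < attempts <= MAX_FAILED_LOGON_ATTEMPTS


def audit_log_enabled(cfg: Config) -> bool:
    # A missing setting is treated like OFF.
    return str(cfg.get("audit_log_level", "OFF")).upper() != "OFF"


def strong_auth_enabled(cfg: Config) -> bool:
    # Issues only when Authentication Type is Default AND SSO is not enabled.
    return cfg.get("authentication_type") != "Default" or bool(cfg.get("sso_enabled"))


def password_history_enforced(cfg: Config) -> bool:
    n = cfg.get("previous_passwords_not_reusable")
    return isinstance(n, int) and n >= MIN_PASSWORD_HISTORY


def session_timeout_set(cfg: Config) -> bool:
    # "0 or empty" is Issues; also reject "", "0" as strings and junk values.
    raw = cfg.get("session_timeout")
    try:
        return raw not in (None, "") and int(raw) > 0
    except (TypeError, ValueError):
        return False


def storage_fully_encrypted(cfg: Config) -> bool:
    return bool(cfg.get("storage_encrypted")) and cfg.get("unencrypted_file_count", 0) == 0


def at_least_one_admin_has(feature: str) -> Callable[[Config], bool]:
    def check(cfg: Config) -> bool:
        return any(feature in admin.get("access", ()) for admin in cfg.get("admins", []))
    return check


RULES: List[Rule] = [
    Rule("DLP rule restricts public sharing of CUI", dlp_blocks_public_sharing),
    Rule("Limit unsuccessful logon attempts", lockout_configured),
    Rule("Audit log level set", audit_log_enabled),
    Rule("Admin has access to Audit Reports", at_least_one_admin_has("audit_reports")),
    Rule("AD/LDAP or SSO authentication", strong_auth_enabled),
    Rule("Disallow reuse of previous passwords", password_history_enforced),
    Rule("Storage encryption enabled", storage_fully_encrypted),
    Rule("Admin has access to Compliance Center", at_least_one_admin_has("compliance_center")),
    Rule("Session timeout set for user portal", session_timeout_set),
    Rule("Decryption keys are confidential (attestation)", None),
]


def evaluate_all(cfg: Config) -> Dict[str, str]:
    return {rule.name: rule.evaluate(cfg) for rule in RULES}


def issues(cfg: Config) -> List[str]:
    return [name for name, status in evaluate_all(cfg).items() if status == "Issues"]


# Constructed sample snapshot (not real FileCloud output).
SAMPLE_CONFIG: Config = {
    "dlp_rule": {"enabled": True, "allow_public_shares": False},
    "public_share_count": 0,
    "incorrect_password_attempts_before_lockout": 5,
    "audit_log_level": "OFF",                                   # -> Issues
    "admins": [{"name": "alice", "access": ["audit_reports"]}],  # no Compliance Center access -> Issues
    "authentication_type": "Default",
    "sso_enabled": True,                                        # SSO rescues Default auth -> OK
    "previous_passwords_not_reusable": 5,
    "storage_encrypted": True,
    "unencrypted_file_count": 0,
    "session_timeout": "",                                      # empty -> Issues
}

if __name__ == "__main__":
    for name, status in evaluate_all(SAMPLE_CONFIG).items():
        print(f"{status:6s} {name}")
```

Running the block prints one status line per rule; for the sample snapshot, three rules report Issues (audit logging off, no admin with Compliance Center access, empty session timeout) and the decryption-key rule reports None because it is confirmed by the admin rather than checked. The `session_timeout_set` check is deliberately strict about strings and blanks, since the table treats "0 or empty" identically.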