WHAT ARE THE 14 KEY AREAS of NIST 800-171 ?

• Access Control: User and transaction authorization and security.
• Awareness and Training: All personnel are adequately trained in security-related duties.
• Audit and Accountability: Access records individually traceable to all users.
• Configuration Management: Network and security protocols and documentation.
• Identification and Authentication: Authorized user identification with multifactor authentication.
• Incident Response: Incident reporting process and notification (DFARS 252.204-7012) capability.
• Maintenance: Information Systems maintenance routine and control.
• Media Protection: Control access and secure hard copy, digital and portable media.
• Personnel Security: Individual screening prior, during and after personnel actions.
• Physical Protection: Protect and monitor access to IS, equipment and operating environments.
• Risk Assessment: Periodic testing to simulate and monitor Information Systems vulnerability.
• Security Assessment: Periodic testing to demonstrate effective and current IS control.
• System and Communications Protection: 14 security requirements; monitor, control and protect.
• System and Information Integrity: Identify, report and correct IS alerts and flaws.