The NIST 800-171 Control You Needed To Setup Yesterday

If you are a DOD (Department of Defense) Contractor, you should be years into your self-certification of the complete set of NIST 800-171 controls…right? 😉

Whether you working under the DFARS regulations or not, we could all learn a lot from the NIST 800-171 controls. While not necessarily the most exciting read, these 110 controls can go a long way to securing your business computer network from some of the most common attacks.

If I had to pick a favorite among all of these, it would have to be 3.5.3. It reads as:

“3.5.3: Use multifactor authentication for local and network access to privileged accounts and for
network access to non-privileged accounts.”

If you haven’t already implemented this control called Multi-Factor Authentication for (at a minimum) your email accounts, you are missing out on one of the most powerful tools in security.

What is Multifactor Authentication? Whether you are aware of it or not, there are different types of authentication. We think of Type 1 most often as the only one: A Password. Here are some other Types:

  • Type 1: Something you know
    • Password
    • Your first car, Grandmother’s favorite color, etc.
  • Type 2: Something You Have
    • USB dongle
    • Mobile phone
    • Authentication code
  • Type 3: Something You Are
    • Fingerprint
    • Iris or Retinal Scan
  • Type 4: Somewhere You Are
    • IP address
    • GPS location

Multifactor simply means that you are using more than one Type of Authentication – something from 2 or more categories. The simplest (and least expensive) combination at this point is a password plus something you have, which is why banks were early adopters of a password plus a text message code to your phone. The thinking is that if you have both of those, you’ve made it much harder for the hacker to access your credentials, and therefore much harder for them to access your company data.

If you haven’t already implemented MFA for your email yesterday, do it today! If you need help, give me a call or email: or 505-365-1975