The final family in the NIST 800-171 standard is the System and Information Integrity Family. This family focuses on your turnaround time for detected threats.

Why is System and Information Integrity important?

Cybersecurity threats are rarely announced. No phishing emails are sent with the subject line “This Phishing Email is Targeting You.” Websites with malicious code do not contain warnings in their URLs or Google search results. It would be great if all the threats came with warning labels! Since that is not the case, we have to be diligent and regularly monitor our systems, scanning for threats and identifying any unauthorized access. Failure to identify a threat quickly will result in our systems being compromised and left open to attack.

What is System and Information Integrity about in NIST 800-171?

The controls in the System and Information Integrity family are focused on your ability to detect threats and protect your system against malicious code. The key points addressed in this family are:

  1. Regularly scanning for threats—ensure you have anti-virus and anti-malware programs that scan your system for any existing infected or compromised files. Make sure that these programs and virus definitions are updated regularly. Set these programs to alert an administrator upon discovery of malicious code.
  2. Scanning for real-time threats—employ real-time virus and malware scans on any devices that access external websites, receive emails or otherwise receive files from external sources. Real-time scans should be set to scan for malicious code from external sources as the files are downloaded, opened or run.
  3. Monitoring network traffic for threats—monitor all incoming and outgoing communication within your network to detect unauthorized access and any intrusion. Activity monitoring should be done in accordance with any applicable state and federal laws and regulations.
  4. Being able to identify unauthorized use of the system—monitor and identify any intrusions into your systems through local, network and remote access. Any device that is permitted to access your systems should be monitored even if that device is accessing the system remotely.

Thank you for joining us during this Closer Look at NIST 800-171 blog series.

Katherine Bennett

Katherine Bennett leads the Instructional Design team for NCMEP partner NC State Industry Expansion Solutions. She also serves as project manager for instructional design services. Katherine plays a key leadership role in supporting the IES goal of providing instructional design and development expertise that complements the field-specific expertise of IES partners, while meeting the learning needs of target audiences. Katherine holds a bachelor’s degree in Computer Science from the University of North Carolina at Charlotte and a master’s degree in Instructional Technology from East Carolina University.