!!UPDATE!! The November 28, 2017 changes applied to NIST 800-171r1 have been updated in CAPE! What changed?
3.1.1 Limit information system access to authorized users, or processes acting on behalf of authorized users,
or and devices (including other information systems).
, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity.
3.4.3 Track, review,
approve/disapprove approve or disapprove, and audit changes to information systems.
3.4.7 Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols,
and or services.
3.5.1 Identify information system users, processes acting on behalf of users,
or and devices.
3.6.1 Establish an operational incident- handling capability for organizational information systems that includes
adequate preparation, detection, analysis, containment, recovery, and user response activities.
effective controls on the tools, techniques, mechanisms, and personnel used to conduct information system maintenance.
CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers.
3.10.6 Enforce safeguarding measures for CUI at alternate work sites
(e.g., telework sites).
3.14.1 Identify, report, and correct
information and system flaws in a timely manner.
3.14.3 Monitor information system security alerts and advisories and take
appropriate action s in response.
NOTE: CAPE has been improved! The “Next” button will now save your progress! Save and Exit is no longer needed and has been removed.