Skip to content

NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Important

A software product -- such as Compliant Kubernetes -- cannot by itself be NIST SP 800-171 conform or certified. Instead, NIST SP 800-171 sets requirements on the organization and how it works with the software. Compliant Kubernetes can support fulfilling all NIST SP 800-171 requirements, provided that the organization has suitable policies and processes in place. For example, a tight integration needs to exist between onboard and offboarding personnel in HR and the Identity Provider which integrates with Compliant Kubernetes. Below we map NIST SP 800-171 requirements to Compliant Kubernetes features.

Important

This document was written based on NIST SP 800-171 Rev. 2. As of Jan 2024, Rev. 3 was in final public draft stage. Update: Rev. 3 is now available and we have created an issue to update this section accordingly when time permits.

Overview

Status Number of requirements % of all requirements
Fully supported 54 49%
Org-related 50 45%
Application-related 5 5%
Infra-related 1 1%
Total 110 100%

Requirements

Click on the links below to navigate the documentation by control.

NIST SP 800-171 3.1.1

NIST SP 800-171 3.1.2

NIST SP 800-171 3.1.4

NIST SP 800-171 3.1.5

NIST SP 800-171 3.1.6

NIST SP 800-171 3.1.7

NIST SP 800-171 3.1.11

NIST SP 800-171 3.1.13

NIST SP 800-171 3.1.15

NIST SP 800-171 3.1.20

NIST SP 800-171 3.3.1

NIST SP 800-171 3.3.2

NIST SP 800-171 3.3.3

NIST SP 800-171 3.3.5

NIST SP 800-171 3.3.6

NIST SP 800-171 3.3.7

NIST SP 800-171 3.4.4

NIST SP 800-171 3.4.5

NIST SP 800-171 3.4.7

NIST SP 800-171 3.4.8

NIST SP 800-171 3.4.9

NIST SP 800-171 3.5.1

NIST SP 800-171 3.5.2

NIST SP 800-171 3.5.4

NIST SP 800-171 3.5.5

NIST SP 800-171 3.5.6

NIST SP 800-171 3.6.3

NIST SP 800-171 3.7.1

NIST SP 800-171 3.7.4

NIST SP 800-171 3.7.5

NIST SP 800-171 3.11.2

NIST SP 800-171 3.12.3

NIST SP 800-171 3.12.4

NIST SP 800-171 3.13.1

NIST SP 800-171 3.13.2

NIST SP 800-171 3.13.3

NIST SP 800-171 3.13.6

NIST SP 800-171 3.13.10

NIST SP 800-171 3.13.11

NIST SP 800-171 3.13.16

NIST SP 800-171 3.14.4

NIST SP 800-171 3.14.5

NIST SP 800-171 3.14.6

NIST SP 800-171 3.14.7

Notes on Some Requirements

3.3.4

Compliant Kubernetes alerts, e.g., if Fluentd is unable to deliver audit logs to OpenSearch.

3.3.8 and 3.3.9

Audit logs are stored in OpenSearch and are write-only.

3.4.1, 3.4.2 and 3.4.3

Compliant Kubernetes configuration is fully stored in Git and can benefits from Git merge requests, reviews, etc.

3.13.5

All Compliant Kubernetes environments should run inside the organization's demilitarized zone (DMZ).

3.13.15

Compliant Kubernetes uses HTTPS for all its Service endpoints.

3.13.16

Compliant Kubernetes recommends full-disk encryption at the infrastructure level.

3.14.1

Please find relevant information in Elastisys ToS 3.6 Vulnerability Management.

Further Reading