
Wednesday, October 16, 2019

NIST 800-171 Compliance - Quarterly Checklist

Just when you think you’re safe, check again. Complacency kills.
Compliance Officer: Review annual training progress; schedule security training as necessary to ensure all employees meet the requirements.

  1. IT Team: Update the organizational accounts list; change organization or service passwords and WiFi pre-shared keys that are more than 120 days old
  2. IT Team: Review the last 90 days of access records for drives and folders that contain CUI, PII, or other sensitive information
  3. Compliance Officer or Delegate: Review access records for employees hired within the last 60 days
  4. IT Team: Review access records and logs for employees terminated within the last 60 days and confirm that no access occurred after termination; ensure access records and logs older than 90 days are properly stored in long-term archives
  5. IT Team: Conduct an automated vulnerability assessment of systems that process, store, or transmit sensitive information
  6. IT Team: Temporarily disable 10%-25% of admin accounts for 3-7 consecutive days (anything that breaks reveals an undocumented dependency on a privileged account; accounts nobody misses are candidates for removal)
  7. IT Team: Review software installed on all systems; remove prohibited software (games, P2P, VPN, coin miners, etc.); ensure required software is installed and baseline configurations are still in place
  8. Compliance Officer or delegate: Review 25%-50% of the security policies and note discrepancies or required changes; record the results so the policies can be updated at the annual review, or earlier if necessary
  9. IT Team: Restore a backup taken within the last 30 days to test the full restoration process; measure the time it takes to return to full operation
  10. IT Team: Conduct test restorations of randomly chosen essential systems from the approved list; update the backup inventory (location, type, coverage, and schedule)
  11. Compliance Officer: Ensure that recovery and restoration actions meet the Mean Time to Recovery (MTTR) objectives and that the objectives are reasonable
  12. Office Manager: Conduct a power management test to ensure uninterruptible power supplies/systems function properly
  13. Office Manager: Identify the hours with the highest potential for high-risk activity on site and review 10 hours of surveillance recordings at no more than 5x speed
  14. IT Team: Update the network diagram
  15. IT Team: Physically check 10% of systems for unapproved peripherals or suspicious devices connected to computers
  16. IT Team: Review password policy settings against the target maximum ages below. Maximum password age for domain accounts is set domain-wide by the Default Domain Policy; password settings in a GPO linked to an OU affect only local accounts on the computers in that OU, so different limits for these populations require Fine-Grained Password Policies applied to the corresponding security groups:
    1. IT / admin users: 60 days
    2. Domain users: 90 days
    3. Service accounts: 120-365 days
  17. IT Team: Update the common password list; hash those passwords and compare them against the domain's password hashes to ensure none are in use
  18. IT Provider, Compliance Officer & Operations Officer: Review user permissions and roles; ensure they match current job function requirements
  19. IT Team: Remove temporary or shared accounts that are no longer needed
  20. IT Team: Verify that technical security controls are functioning and that the expected audit records are produced: download the EICAR test file to confirm endpoint protection detects and logs it, attempt to log in to applications with wrong credentials to confirm failed logins are recorded, and modify test files on the audited file servers to confirm file-access auditing; make sure logs for all tracked events are aggregated in the SIEM and processed appropriately
  21. Compliance Officer: Review SIEM tool reports and evaluate the effectiveness of the IT Provider's actions
  22. Operations Officer: Verify the credentials, skills, and references behind training and certification claims
  23. Office Manager: Review the list of authorized users with physical access to the facility; review access logs and ensure that only authorized personnel have accessed the facility and secure areas
  24. Data Protection Officer: Review shared documents, company communications, and public announcements to ensure privacy laws are followed
  25. Compliance Officer: Delete sensitive or confidential files that are no longer required, so that only needed documents are stored and the footprint of sensitive documents is reduced
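The three password items in the list above (rotating credentials older than 120 days, reviewing the password-age policies, and checking domain hashes against the common-password list) can be run as one quarterly PowerShell script. This is an added example written for this page, not part of the original checklist. It assumes the RSAT ActiveDirectory module and the open-source DSInternals module are installed, that it runs with replication (Domain Admin) rights from a hardened admin workstation, and that the domain name, domain controller name, and file paths are placeholders to be replaced.

```powershell
# Added example for this page, not the checklist author's code. Quarterly AD password
# hygiene review: password-age policies, stale credentials, common-password hash check.
# Assumes: RSAT ActiveDirectory module, DSInternals module
# (https://github.com/MichaelGrafnetter/DSInternals), and replication (Domain Admin) rights.
# Domain, DC and file names are placeholders.
Import-Module ActiveDirectory
Import-Module DSInternals

$NamingContext = 'DC=corp,DC=example'      # assumed domain naming context
$Dc            = 'dc01.corp.example'       # assumed domain controller
$WeakList      = '.\common-passwords.txt'  # assumed path: the organization's common-password list
$StaleDays     = 120                       # rotation threshold from the checklist
$Cutoff        = (Get-Date).AddDays(-$StaleDays)

# 1. Password-age policies. MaxPasswordAge for domain accounts comes from the Default
#    Domain Policy; separate limits for admins or service accounts exist only if a
#    Fine-Grained Password Policy is applied to their group. Compare both with the targets.
Write-Host '== Default Domain Password Policy =='
Get-ADDefaultDomainPasswordPolicy |
    Format-List MaxPasswordAge, MinPasswordLength, ComplexityEnabled, LockoutThreshold
Write-Host '== Fine-Grained Password Policies (PSOs) =='
Get-ADFineGrainedPasswordPolicy -Filter * |
    Format-Table Name, Precedence, MaxPasswordAge, MinPasswordLength, AppliesTo -AutoSize

# 2. Enabled accounts whose password is older than the threshold, was never set, or is
#    exempt from expiry (PasswordNeverExpires is where unrotated service accounts hide).
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet, PasswordNeverExpires |
    Where-Object {
        $_.PasswordNeverExpires -or -not $_.PasswordLastSet -or $_.PasswordLastSet -lt $Cutoff
    } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires |
    Sort-Object PasswordLastSet |
    Export-Csv -Path .\stale-passwords.csv -NoTypeInformation

# 3. Hash review. Get-ADReplAccount retrieves account secrets through the directory
#    replication protocol (no copy of NTDS.dit on disk); Test-PasswordQuality NT-hashes
#    each entry of the plaintext common-password list and reports accounts whose hash
#    matches, along with accounts that share a password, have an empty password, or
#    store LM / reversibly encrypted passwords. Only the report is written to disk.
Get-ADReplAccount -All -Server $Dc -NamingContext $NamingContext |
    Test-PasswordQuality -WeakPasswordsFile $WeakList -IncludeDisabledAccounts |
    Out-File -FilePath .\password-quality.txt

Write-Host 'Evidence written: stale-passwords.csv, password-quality.txt'
```

Keep the CSV and the quality report with the quarter's evidence. The replicated account data stays in the session's memory and should never be exported; treat the workstation that ran the script as holding every hash in the domain until it is rebooted. If the common-password list is large, DSInternals can instead take a pre-hashed list through `-WeakPasswordHashesSortedFile`, which accepts an NTLM hash list ordered by hash (the format Have I Been Pwned distributes).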
