Using Federal RMF and Splunk for IT Systems That Do Not Require Regulatory Compliance

By: Don Arnold | Splunk Consultant

 

Regulatory compliance for IT systems is an area that can be mysterious and not well understood by many IT managers or security professionals.  Some industries are mandated to obtain regulatory compliance certifications for their IT systems, ie HIPAA for healthcare, PCI DSS for credit card transactions, Sarbanes Oxley for accounting, ISO for manufacturing, and FISMA for Federal systems.  However, compliance only applies to a small portion of IT systems and the rest are left to implement a mix of devices and techniques to secure their systems.  However, without a definitive roadmap to follow many IT systems can be left with holes in their security programs, which can increase the risk of attack and make their systems vulnerable to compromise.

Since the majority of IT systems are not required to implement compliance standards, it doesn’t mean they can’t use these standards as a roadmap to better secure their systems.  Many IT security professionals try to build a security practice within their network by using technical solutions.  Though this is good, following a security framework helps to ensure that all areas of security are covered.

One of the best and most complete security frameworks that is publicly available and comes at no cost to use is the Risk Management Framework from the U.S. Government, better known as the Federal RMF.  The Federal RMF uses a number of special publications from the National Institute of Standards and Technology (NIST) to help organize a company’s cybersecurity implementation into a life cycle framework.  The steps in the life cycle include preparation, categorization of the system, selection of applicable security controls, implementation, assessment, authorization, and monitoring.  Each step specifically identifies what happens and uses NIST documents to outline how to follow each one.

The last step in the RMF life cycle is monitoring and the NIST SP 800-53 specifically identifies an entire family of controls for Continuous Monitoring.  Splunk, an industry-leading SIEM, can be implemented to meet the Continuous Monitoring needs of Account Management, Privileged Access, Login Access and other items.  In addition, Splunk has several add-on applications, such as Infosec and Enterprise Security, that can assist with out-of-the-box data searches and dashboards to ensure your cybersecurity Continuous Monitoring needs are being met.

If your IT system is subject to regulatory compliance from HIPAA, PCI, SOX, etc., then the framework has a detailed roadmap for you to follow.  However, if your system does not require compliance, but you’re looking for a framework as a guideline to follow to ensure you’re covering your cybersecurity needs, then the Federal RMF and Splunk are some of the best tools on the market today.  TekStream Solutions has cybersecurity engineers on staff with years of experience implementing cybersecurity solutions and can assist you with building a strong cybersecurity program using the Federal RMF.

Want to learn more about Splunk and cybersecurity? Contact us today!

 

References:

https://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)-Overview

https://www.splunk.com/pdfs/ebooks/splunk-cis-critical-security-controls.pdf

https://conf.splunk.com/files/2017/slides/using-splunk-to-comply-with-nist-standards-and-get-authorization-to-operate.pdf