This guide describes how to implement the LogRhythm ASD Compliance Automation Suite. This suite provides pre-bundled content such as AIE Rules, Alarms, Investigations, Lists, and Reports that help organizations pursuing best practice adherence around ASD-ISM guidelines. This guide provides control mapping between LogRhythm SIEM content and guidelines within the ASD-ISM publication. Monitoring and awareness of risk exposures across an organization's environment(s) are foundational aspects of ASD-ISM adherence. The LogRhythm SIEM serves as an essential mitigating aspect along the journey as an organization matures its compliance and security posture. The utilization of the content within this compliance automaton suite helps empower any organization's adherence to certain guidelines of the ASD-ISM.
Many of these phases include key resources that can be leveraged in the deployment of the compliance suite. The ASD Compliance Automation Suite provides pre-bundled content available through the Knowledge Base and part of the foundation around the Consolidated Compliance Framework (CCF) methodology. An organization, with confirmation from auditors, can utilize the module content to augment control objective and support efforts of pursuing adherence of ASD-ISM best practice guidelines. AIE alarms assist with quickly identifying risk exposures, while Case Management provides a central collection of forensic data, including audit evidence to support incident reporting, response time, and remediation requirements. This pre-bundled content is automatically associated with the ASD-ISM (March 2019) control objectives that are supported by LogRhythm Enterprise. Various lists are also available, some of which are pre-configured and others that can be catered to your environment, processes, and system classifications. Collectively, this provides a road map including additional LogRhythm features that can be utilized to help organizations transition from compliance readiness to a true security, risk-based organization. Our team’s interpretations of the augmented best practice guidelines can be found in the matrices of this module. LogRhythm’s core set of content offered through the Consolidated Compliance Framework (CCF) is mapped to ASD-ISM guidelines, offering a streamlined approach to compliance through SIEM technology. LogRhythm SIEM technology and content align with the ASD-ISM guideline families to strengthen the organization’s security posture.
After you configure the automation suite, the LogRhythm Platform Manager includes the proper components needed to support ASD-ISM guideline adherence. As AIE rules, alarms, reports, and investigations are correlated with in-scope log sources and hosts, powerful data to enable your compliance and security teams can be utilized. You can then schedule Reports for periodic generation and delivery or generate them on demand for various audiences. To identify areas of non-compliance in real-time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization's cardholder data systems. Once a control failure or risk exposure is realized, quickly use Case Management to organize and understand this event. This helps the organization reduce the Mean Time To Detection (MTTD) and Mean Time To Respond (MTTR) to not only ensure reporting time requirements are met, but help limit the time of risk realization and damage.
As with any framework, some controls and best practices offered may require additional tailoring to augment them appropriately as determined by the organization. We encourage our LogRhythm community administrators and analysts to create their own AIE rules, alarms, investigations, and reports to augment more controls than we can pre-build content for. Many tools are available for this, including the wide range of logs available in the LogRhythm MPE Rule Builder, Log Library, and ECHO tool set. Professional Services and Analytics Co Pilot services are available as needed to assist with the creation and tailoring of custom rules and actions.
LogRhythm content is designed to be utilized by various audiences including internal and external audit, executive management, control owners, program developers, IT security, IT operations, and other individuals or groups involved in the audit cycle.
This guide is intended for LogRhythm Enterprise administrators and analysts who are responsible for maintaining compliance with various ASD-ISM best practices. Further, monthly and weekly Reporting Packages can be established to provide forensic evidence and audit data to appropriate audiences for distribution. These groups include Security Operations, Security Management, IT Operations, Audit, and Executive Management. These reporting packages, the content included, and the frequency can be adjusted according to the needs of your audience.
This guide details the installation, configuration, and verification of objects used in the ASD Compliance Automation Suite. When this section is complete, the LogRhythm Platform Manager enabled content will begin to provide value around your ASD-ISM efforts. The process involves the following steps: