CIS Controls - User Guide

This section highlights some key reporting capabilities contained within the CIS Controls Security Control Suite. LogRhythm has adopted the Consolidated Compliance Framework (CCF) approach to find common control approaches across various frameworks. This approach has been applied to the CIS Controls Security Control Suite to help organizations streamline compliance objectives. Collectively, many considered NIST and supporting frameworks related to CIS as influencers of compliance frameworks and is a core to LogRhythm’s compliance approaches within CCF. All objects associated with this module follow the ‘CCF: XXX’ naming convention and utilize a restricted view to only allow those appropriate individuals to see CIS-specific content.

New profiles can be created for the Global Administrator, Global Analyst, Restricted Administrator, Restricted Analyst, and Web Service Administrator security roles. The security roles enable the Administrator to assign access to specific objects within the Entity to individual users. For example, many Restricted Analysts can be given access to Entity A, but not access to the same Log Sources within Entity A. Restricted Analyst 1 can have access to Log Sources 1, 2, and 3 on Entity A, while Restricted Analyst 2 has access to Log Sources 4, 5, and 6 on Entity A. This allows the organization to limit access to data and compliance content according to compliance needs.

As the organization identifies the need for a compliance module, in this instance CIS, it is important to consider where the organization is along the Compliance Maturity Module. How mature the organization is determines what key resources are available to better align the CIS Controls module deployment with your compliance program. As the organization matures and key internal resources are established, the organization can easily pivot from a strong compliance base to establish strong security practices.

The guide is divided into the following sections: