Consolidated Compliance Framework (CCF) Module
This guide describes how to implement the LogRhythm Consolidated Compliance Framework (CCF) Compliance Automation Suite. This suite provides pre-bundled content such as Correlation Rules, Alarms, Investigations, Lists, and Reports that help organizations pursue compliance around CCF data security objectives. In addition, this guide provides control mapping between the LogRhythm SIEM and control objectives contained within CCF.
The CCF Compliance Automation Suite provides pre-bundled Investigations, Correlation Rules, Alarms, and Reports that are designed to support a minimum set of security requirements across multiple frameworks, regulations, legislation, and industry best practices. This minimum standard of security requirements attempts to ensure continuity of information protection across an organization’s operations to the extent the SIEM and its functionality can augment. This pre-bundled content is automatically associated with the correct CCF control objectives that are supported by LogRhythm. Various lists are also available, some of which are preconfigured and others that can be catered to your environment, processes, and system classifications. SmartResponses can be enabled to add compliance scope and bring in valuable functionality within the SIEM.
There are many frameworks, policies, and regulations that exist today across multiple industries. The CCF methodology is currently leveraged in our UAE-NESA, GDPR, NIST (800-53, 800-171, and CSF), NY-DFS, CJIS, ISO 27001, and ASD modules. Our team’s interpretations of the augmented controls can be found in the module-specific deployment guides located under Documentation & Downloads on the LogRhythm Community . LogRhythm’s core set of content offered through the Consolidated Compliance Framework is mapped to various control frameworks, offering a streamlined approach to compliance through SIEM technology. LogRhythm SIEM technology and content align with the CCF core objectives of protecting information through many common control objectives including user access management, privileged access management, data and privacy protection, retention requirements, business continuity, incident response, change management, and overall assistance as a safeguarding mechanism to strengthen the organization’s security posture.
After you configure the automation suite, the LogRhythm Platform Manager includes the proper components needed for CCF compliance. Correlation Rules, Alarms, Investigations, and Reports are automatically associated with the correct CCF objectives. You can then schedule Reports for periodic generation and delivery or generate them on demand for various audiences. To identify areas of non -compliance in real-time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization's cardholder data systems.
As with any framework, some controls and best practices offered may require additional tailoring to augment them appropriately as determined by the organization. We encourage our LogRhythm community administrators and analysts to create their own AIE rules, alarms, investigations, and reports to augment more controls than we can pre-build content for. Many tools are available for this, including the wide range of logs available in the LogRhythm MPE Rule Builder, Log Library, and ECHO tool set. Professional Services and Analytics Co-Pilot services are available as needed to assist with the creation and tailoring of custom rules and actions.
Intended Audience
This guide is intended for LogRhythm Enterprise administrators and analysts who are responsible for maintaining compliance with various CCF requirements. Further, monthly and weekly Reporting Packages can be established to provide forensic evidence and audit data to appropriate audiences for distribution. These groups include Security Operations, Security Management, IT Operations, Audit, and Executive Management. These reporting packages, the content included, and the frequency can be adjusted according to the needs of your audience.