National Institute of Standards & Technology Deployment Guide
This guide describes how to implement the LogRhythm NIST Compliance Automation Suite. This suite provides pre-bundled content such as AIE Rules, Alerts, Investigations, Lists and Reports that help organizations pursue compliance around NIST data security objectives. In addition, this guide provides control mapping between LogRhythm SIEM and control objectives across NIST 800-53 rev. 5, 800-171, and Cyber Security Framework (CSF). The combination of 800-53 rev. 5 as a base, its subset of 800-171 to help satisfy Defense Federal Acquisition Regulation Supplement (DFARS) requirements for Controlled Unclassified Information (CUI), and CSF to focus on cyber-specific risks provides a full set of requirements for organizations to build a data security program.
After you configure the automation suite, the LogRhythm Platform Manager includes the proper components needed for NIST compliance. Correlation Rules, Alarms, Investigations, and Reports are automatically associated with the correct NIST objectives. You can then schedule Reports for periodic generation and delivery or generate them on demand for various audiences. To identify areas of non-compliance in real time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization's cardholder data systems.
LogRhythm content is mapped to control objectives across the three NIST frameworks named above and is designed for use by various audiences, including internal and external audit, executive management, control owners, program developers, IT security, IT operations, and other individuals or groups involved in the audit cycle.
Intended Audience
This guide is intended for LogRhythm Enterprise administrators and analysts who are responsible for maintaining compliance with various NIST requirements. Further, monthly and weekly Reporting Packages can be established to distribute forensic evidence and audit data to the appropriate audiences. These groups include Security Operations, Security Management, IT Operations, Audit, and Executive Management. The content of these reporting packages and their frequency can be adjusted according to the needs of your audience.
This guide is divided into the following sections: