Module Highlights
This section highlights some key reporting capabilities contained within the NIST Compliance Automation Suite. LogRhythm has adopted the Consolidated Compliance Framework (CCF) approach to find common control approaches across various frameworks. This approach has been applied to the NIST Compliance Automation Suite to help organizations streamline compliance objectives. Collectively many considered NIST an influencer of compliance frameworks and is a core to LogRhythm’s compliance approaches within CCF. All objects associated with this module follow the ‘CCF: XXX’ naming convention and utilize a restricted view to only allow those appropriate individuals to see NIST specific content.
New profiles can be created for the Global Administrator, Global Analyst, Restricted Administrator, Restricted Analyst, and Web Service Administrator security roles. The security roles enable the administrator to assign access to specific objects within the Entity to individual users. For example, many Restricted Analysts can be given access to Entity A, but not access to the same Log Sources within Entity A. Restricted Analyst 1 can have access to Log Sources 1, 2, and 3 on Entity A, while Restricted Analyst 2 has access to Log Sources 4, 5, and 6 on Entity A. This allows the organization to limit access to data and compliance content according to compliance needs.
As the organization identifies the need for a compliance module, in this instance NIST, it is important to consider where the organization is along the Compliance Maturity Module. How mature the organization is will determine what key resources are available to better align the NIST Compliance Automation Suite deployment with your compliance program. As the organization matures and key internal resources are established, the organization can easily pivot from a strong compliance base to establish strong security practices. To start, assess your organization’s maturity level in each category in the tables below.
LogRhythm Control Family Augment Ability
|
NIST 800-53 Control Family |
LR Augment Ability |
|---|---|
|
Access Control (AC) |
|
|
Awareness and Training (AT) |
|
|
Audit and Accountability (AU) |
|
|
Security Assessment and Authorization (CA) |
|
|
Configuration Management (CM) |
|
|
Contingency Planning (CP) |
|
|
Identification and Authentication (IA) |
|
|
Individual Participation (IP) |
|
|
Incident Response (IR) |
|
|
Maintenance (MA) |
|
|
Media Protection (MP) |
|
|
Privacy Authorization (PA) |
|
|
Physical and Environmental Protection (PE) |
|
|
Planning (PL) |
|
|
Program Management (PM) |
|
|
Personnel Security (PS) |
|
|
Risk Assessment (RA) |
|
|
System and Services Acquisition (SA) |
|
|
System and Communications Protection (SC) |
|
|
System and Information Integrity (SI) |
|
|
NIST 800-171 Control Family |
LR Augment Ability |
|---|---|
|
Access Control (3.1) |
|
|
Awareness and Training (3.2) |
|
|
Audit and Accountability (3.3) |
|
|
Configuration Management (3.4) |
|
|
Identification and Authentication (3.5) |
|
|
Incident Response (3.6) |
|
|
Maintenance (3.7) |
|
|
Media Protection (3.8) |
|
|
Personnel Security (3.9) |
|
|
Physical Protection (3.10) |
|
|
Risk Assessment (3.11) |
|
|
Security Assessment (3.12) |
|
|
System and Communications Protection (3.13) |
|
|
System and Information Integrity (3.14) |
|
|
NIST CSF Control Family |
LR Augment Ability |
|---|---|
|
Identify (ID) |
|
|
Protect (PR) |
|
|
Detect (DE) |
|
|
Respond (RS) |
|
|
Recover (RC) |
|
The guide is divided into the following sections: