
NCA OTCC Deployment Guide

This guide describes how to implement the LogRhythm National Cybersecurity Authority Operational Technology Compliance Automation Suite. This suite provides pre-bundled content such as AIE Rules, Alarms, Investigations, Lists, and Reports that help organizations pursue compliance with NCA OTCC.  

This guide provides control mapping between LogRhythm SIEM content and official guidance for the NCA OTCC subcontrols and subdomain controls. Developing a base-level security program with the ability to monitor, address, and thwart general, non-targeted cyber attacks is a foundational aspect of NCA OTCC. The LogRhythm SIEM serves as an essential tool for organizations as they mature their security posture. Organizations can use the content within this compliance automation suite to facilitate their adherence to certain guidelines and requirements of the NCA OTCC Reporting Standard.

Many of the deployment phases include key resources that can be leveraged when deploying the security suite. The NCA OTCC subcontrols and subdomain controls module provides pre-bundled content through the Knowledge Base and forms part of the foundation of the Consolidated Compliance Framework (CCF) methodology. An organization can use the module content to augment control objectives and support its efforts to follow NCA OTCC guidelines and requirements. AIE Alarms assist with quickly identifying risk exposures, while Case Management enables centralized collection of forensic data to support incident reporting, response time, and remediation requirements. This pre-bundled content is automatically associated with the NCA OTCC subcontrol and subdomain control objectives that LogRhythm Enterprise supports. Various lists are also available; some are pre-configured and others can be tailored to your environment, processes, and system classifications. Collectively, these and other LogRhythm features provide a road map to help an organization move from an immature security program to a genuinely risk-based security program for its critical infrastructure. Our team's interpretations of the augmented best practice guidelines can be found in the matrices of this module. LogRhythm's core set of content offered through the CCF is mapped to the NCA OTCC standard, offering a streamlined approach to integration through SIEM technology and a way to strengthen an organization's security posture.

After you configure the security controls suite, the LogRhythm Platform Manager includes the components needed to support adherence to NCA OTCC subdomains and controls. As AIE rules, alarms, reports, and investigations are correlated with in-scope log sources and hosts, your compliance and security teams gain access to powerful data. You can also schedule reports for periodic generation and delivery, or generate them on demand for various audiences. To identify areas of control failure in real time, you can use investigations and alarms for immediate analysis of activities that affect your organization's systems. Once a control failure or risk exposure is identified, you can quickly use Case Management to organize and understand the event. This helps the organization reduce mean time to detect (MTTD) and mean time to respond (MTTR), which not only ensures reporting time requirements are met but also limits the duration of risk exposure and resulting damage.

As with any framework, some controls and best practices offered may require additional tailoring to augment them appropriately as determined by the organization. We encourage our LogRhythm community administrators and analysts to create their own AIE rules, alarms, investigations, and reports to augment more controls than we can provide with pre-bundled content. Many tools are available for this, including the wide range of logs in the LogRhythm MPE Rule Builder, Log Library, and ECHO tool set. Professional services and Analytics Co-Pilot services are available as needed to assist with creating and tailoring custom rules and actions. 

LogRhythm content is designed to be used by various audiences, including internal and external auditors, executive management, control owners, program developers, IT security, IT operations, and other individuals or groups involved in the audit cycle.

Intended Audience

This guide is intended for LogRhythm Enterprise administrators and analysts who would like to adhere to NCA OTCC controls. Monthly and weekly reporting packages can be established to provide forensic evidence and audit data to appropriate audiences for distribution, including security operations, security management, IT operations, audit, and executive management. The reporting packages, the content included, and the frequency can be adjusted according to the needs of your audience.  

This guide details the installation, configuration, and verification of objects used in the NCA OTCC Controls module. When this section is complete, the LogRhythm Platform Manager-enabled content will begin to provide value around your CIS security control efforts. The process involves the following steps:
