The LogRhythm NEI Compliance Package provides bundled reports, investigations, alarms, and log source lists to help you demonstrate regulation compliance. Your site compliance auditor will check for specific line-item regulations to be met by LogRhythm. This guide demonstrates how and when LogRhythm meets NEI compliance.
This section describes each of the following for NEI compliance:
- Compliance Reporting for NEI Auditors
- Compliant Monitoring
- Audit Deliverables
Compliance Reporting for NEI Auditors
NEI responsibilities are detailed in NEI 08-09 REV 6 Guidelines. Auditors are instructed to review the minimum security requirements outlined in NEI 08-09 REV 6 to determine if compliance is met. This deployment guide references each of the affected regulations in the notation of “Security Requirement Family” “Control Number”. For example, the following regulation highlighted in gray would be D.2.1 from Page D-7:
D.2.1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES
Control: The Technical cyber security control develops, disseminates, and periodically reviews in accordance with 10 CFR 73.55(m), and updates:
Because NEI is solution and vendor agnostic, NEI auditors must determine if the control provided by LogRhythm is appropriate for the organization for the specific regulation. In some cases, LogRhythm will provide enhancements to existing controls, such as centralization, investigations, alarming, reporting, auditing, monitoring, and discovery.
LogRhythm provides automated processes to reduce the number of manual processes involved with monitoring. In addition, LogRhythm provides the tools necessary to conduct detailed manual monitoring and investigations.
NEI specifies a 31-day timeframe for monitoring; however, LogRhythm can provide for a range of responses and monitoring techniques.
LogRhythm has settings for the retention duration of logs available for reporting and investigations. The NEI auditor should note that the period between reports being generated for auditing should never exceed the retention period. Therefore, if logs are being retained for 14 days, audit reports should be generated in 14-day intervals.
Immediate action in the event of a breach or system failure can help limit the damage to the organization. LogRhythm’s alarming capability notifies the appropriate security personnel when a security monitoring device detects activities that could jeopardize the integrity of the organization. The Alarm Rules table shows the thresholds and suppression of alarm rules as pertaining to NEI compliance.
The NEI Report Package can generate all the reports needed for auditing.
To start the process:
- From the LogRhythm Console, click Report Center.
- Select the Report Packages tab.
- Right-click the NEI Report Package, and then click Run.
The NEI report package must be run no less frequently than once per month to ensure all data is available for report generation. The deliverables that demonstrate adherence to NEI are shown in the NEI 08-09 Rev 6—Requirements table.
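The retention rule and the 31-day timeframe described above can be checked against a history of report runs. The following Python check is an added example, not LogRhythm code or part of the original guide; the run dates are constructed, and it assumes a run can only report on logs dated within the retention period counting back from the run day.

```python
from datetime import date, timedelta

NEI_WINDOW_DAYS = 31  # monitoring timeframe quoted in the guide


def audit_schedule(run_dates, retention_days, window_days=NEI_WINDOW_DAYS):
    """Compare consecutive report runs against retention and the NEI window.

    Assumption: a run on day R can only report on logs dated within the
    last `retention_days` days, R included.
    """
    findings = []
    runs = sorted(set(run_dates))
    for prev, curr in zip(runs, runs[1:]):
        interval = (curr - prev).days
        lost = None
        if interval > retention_days:
            # Logs written after the previous run that were purged
            # before the current run could include them.
            lost = (prev + timedelta(days=1),
                    curr - timedelta(days=retention_days))
        if lost or interval > window_days:
            findings.append({
                "previous_run": prev,
                "run": curr,
                "interval_days": interval,
                "exceeds_window": interval > window_days,
                "unreported_logs": lost,  # (first_day, last_day) or None
            })
    return findings


# Constructed run history, not exported from a real deployment.
SAMPLE_RUNS = [date(2024, 1, 1), date(2024, 1, 15),
               date(2024, 2, 5), date(2024, 3, 12)]

if __name__ == "__main__":
    for finding in audit_schedule(SAMPLE_RUNS, retention_days=14):
        print(finding)
```

With 14-day retention, the 21-day gap before the February run leaves seven days of logs that no report ever covered, even though that run is still inside the 31-day timeframe.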