NRC RG 5.71 Deployment Guide – Meet the Compliance Requirements
The LogRhythm NRC Compliance Package provides bundled reports, investigations, alarms, and log source lists to help you demonstrate regulation compliance. Your site compliance auditor will check for specific line-item regulations to be met by LogRhythm. This guide demonstrates how and when LogRhythm meets NRC compliance.
This section describes each of the following for NRC compliance:
- Compliance Reporting for NRC Auditors
- Compliant Monitoring
- Alarming
- Audit Deliverables
Compliance Reporting for NRC Auditors
NRC responsibilities are detailed in NRC RG 5.71 Guidelines. Auditors are instructed to review the minimum security requirements outlined in NRC RG 5.71 to determine if compliance is met. This deployment guide references each of the affected regulations in the notation of “Security Requirement Family” and “Control Number”. For example, the following regulation highlighted in grey would be B.2.1 from Page B-7:
B.2.1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES
Control: [Licensee/Applicant] developed, disseminated, and [annually] reviews and updates the following while using an independent party for the audit reviews:
Because NRC is solution and vendor-agnostic, NRC auditors must determine if the control provided by LogRhythm is appropriate for the organization for the specific regulation. In some cases, LogRhythm will provide enhancements to existing controls, such as centralization, investigations, alarming, reporting, auditing, monitoring, and discovery.
Compliant Monitoring
LogRhythm provides automated processes to reduce the amount of manual processes involved with monitoring. In addition, LogRhythm provides the tools necessary to conduct detailed manual monitoring and investigations.
NRC specifies a 30-day timeframe for monitoring; however, LogRhythm can provide a range of responses and monitoring techniques.
LogRhythm has settings for the retention duration of logs available for reporting and investigations. The NRC auditor should note that the period between reports being generated for auditing should never exceed the retention period. Therefore, if logs are being retained for 14 days, audit reports should be generated in 14-day intervals.
Alarming
Immediate action in the event of a breach or system failure can help limit the damages to the organization. LogRhythm’s alarming capability notifies the appropriate security personnel when a security monitoring device detects activities that could jeopardize the integrity of the organization. The Alarm Rules table shows how the thresholds and suppression of alarm rules pertain to NRC RG 5.71 compliance.
Audit Deliverables
The NRC Report Package can generate all the reports needed for auditing.
To start the process:
- From the LogRhythm Console, click Report Center.
- Select the Report Packages tab.
- Right-click the NRC Report Package, and then click Run.
The NRC report package must be run no less frequently than once per month to ensure all data is available for report generation. The deliverables that demonstrate adherence to NRC are shown in the NRC RG 5.71—Requirements table.