Achieving FISMA/NIST Compliance with Lancope’s StealthWatch System
The federal government is under immense pressure to maintain secure, reliable technology in light of increasingly sophisticated cyber attacks such as the recent WikiLeaks scandal. While most organizations risk monetary losses and a tarnished reputation in the event of a security incident or network failure, the U.S. Government has the safety, privacy and vitality of the entire nation at stake. Unfortunately, unfriendly nation states and rogue terrorists are aware of this fact, and could feasibly harm lives and take down much of our nation’s infrastructure over the Internet.
It is for this reason that the last several presidents have instituted more proactive and stringent cybersecurity measures for government agencies. The Federal Information Security Management Act (FISMA) was passed in 2002, requiring each federal agency to implement and maintain a formal, comprehensive information security program to protect government assets. To support FISMA compliance, the National Institute of Standards and Technology (NIST) developed the Risk Management Framework (RMF), a set of standards and guidance for agencies to follow in order to cost-effectively manage security risks.
Without in-depth visibility and actionable intelligence into what is going on in their networks, it is very difficult for federal agencies to achieve compliance. After all, you cannot protect what you cannot see.
StealthWatch supports FISMA/NIST compliance by providing:
- Comprehensive, continuous monitoring of the entire network to enhance visibility
- Behavioral-based anomaly detection to:
  - Detect sophisticated, zero-day attacks that bypass perimeter defenses
  - Uncover internal threats such as policy violations and device misconfigurations that can jeopardize security and compliance
- Host group locking to limit communication with sensitive systems
- Automatic threat prioritization and mitigation for faster troubleshooting and incident response
- Layer 7 visibility to track application-level threats
- Identity awareness to uncover the root cause of issues all the way down to the user level, and enforce user accountability for introducing security and performance risks
- Network forensic data for easily conducting security investigations
- An easy-to-understand, graphical user interface for gathering actionable network intelligence
- Advanced reporting capabilities to assist with demonstrating compliance
NIST states that for an information security program to be effective, federal agencies should:
- Periodically assess risk to critical systems
- Develop policies and procedures for reducing information security risks based on assessments
- Provide security awareness training for personnel
- Conduct periodic testing and evaluation of the efficacy of security policies, procedures and controls
- Implement a process for correcting any security deficiencies uncovered during evaluations
- Develop strong procedures for detecting, reporting and responding to security incidents
- Create plans for ensuring the continuity of information system operations¹
Lancope Federal Customers
Lancope serves customers across the U.S. Federal Government, including: the Department of Defense, its services and agencies, the Intelligence Community, civilian departments and agencies, independent agencies, the Legislative Branch, the Judicial Branch, the Defense Industrial Base and the defense research community.
Specific customers include, among others:
- U.S. Air Force
- U.S. Army
- Missile Defense Agency
- U.S. Department of Justice
- U.S. Department of the Interior
- Internal Revenue Service
- U.S. House of Representatives
- U.S. Department of Energy
- U.S. Strategic Command
- Congressional Budget Office
StealthWatch Provides In-Depth Network Insight for Maintaining FISMA/NIST Compliance
Through continuous monitoring and behavioral-based anomaly detection, Lancope’s StealthWatch fills in the gaps where other network and security technologies leave off, providing the in-depth situational awareness needed to maintain a strong security posture and comply with regulations. By leveraging NetFlow™ and other flow data from existing routers and switches, StealthWatch provides a cost-effective means of achieving comprehensive, in-depth visibility across an organization’s entire network.
In addition to detecting externally-launched cyber attacks, which often bypass perimeter defenses, StealthWatch can also uncover insider threats such as security policy violations, misconfigured devices, data leakage, unauthorized access and network misuse not detected by traditional network and security tools. The system enables a faster, more informed response to security incidents, and it also detects network and application performance issues to ensure the continuity of vital operations across physical and virtual networks.
StealthWatch is scalable to meet the needs of the largest networks, analyzing up to 3.0 million flows per second, and is easy to deploy and manage even with limited resources. Demonstrating compliance is typically an arduous task requiring hours of manual report compilation. With StealthWatch, federal agencies can continuously monitor for and remediate risks, simplifying compliance processes and maintaining a strong security posture on an ongoing basis without expending excessive amounts of time and resources.
According to the Office of Management and Budget’s Fiscal Year 2010 FISMA Report to Congress, cyber attacks on the federal government increased 39% in 2010 over the previous year.
NIST Special Publications 800-53 and 800-37
The Federal Executive Branch of the U.S. Government must follow NIST Special Publications (SP) 800-53 and 800-37 to maintain FISMA compliance.²
NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” helps ensure that appropriate security controls are applied to federal information and information systems to preserve confidentiality, integrity and availability. The document features 18 security control families that agencies should address as part of their FISMA compliance initiatives.
NIST SP 800-37, titled “Guide for Applying the Risk Management Framework to Federal Information Systems,” provides further guidelines for minimizing risk with a particular focus on continuous monitoring. Specifically, the regulation calls for federal agencies to “develop a strategy for the continuous monitoring of security control effectiveness and any proposed or actual changes to the information system and its environment of operation.” It goes on to state that “the implementation of a robust continuous monitoring program allows an organization to understand the security state of the information system over time and maintain the initial security authorization in a highly dynamic environment of operation with changing threats, vulnerabilities, technologies and missions/business functions.”
StealthWatch Supports Compliance with NIST SP 800-53 and 800-37
In order to comply, NIST SP 800-53 and 800-37 require federal agencies to take the following steps:
- Categorize all systems and data
- Select baseline security controls and supplement as necessary
- Implement security controls
- Assess and report on the efficacy of controls
- Authorize information system operation based on risk
- Monitor and report on security control status on an ongoing basis
StealthWatch supports the full lifecycle of SP 800-53 and 800-37 compliance by providing the in-depth network visibility required to effectively undertake these steps. With StealthWatch, federal agencies can baseline and inventory network assets, uncover and remediate security deficiencies and continuously monitor and report on issues to maintain a strong security posture. A seamless, comprehensive monitoring solution like StealthWatch is critical for achieving the levels of security, performance and compliance required by federal agencies to effectively protect our nation.
1 – FISMA Detailed Overview, http://csrc.nist.gov/groups/SMA/fisma/overview.html
2 – NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations, http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf; NIST Special Publication (SP) 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf