Market Brief

Achieving FISMA/NIST Compliance with Lancope’s StealthWatch


The federal government is under immense pressure to maintain secure, reliable technology in light of increasingly sophisticated cyber attacks such as the recent WikiLeaks scandal. While most organizations risk monetary losses and a tarnished reputation in the event of a security incident or network failure, the U.S. Government has the safety, privacy and vitality of the entire nation at stake. Unfortunately, unfriendly nation states and rogue terrorists are aware of this fact, and could feasibly harm lives and take down much of our nation’s infrastructure over the Internet. 

It is for this reason that the last several presidents have instituted more proactive and stringent cybersecurity measures for government agencies. The Federal Information Security Management Act (FISMA) was passed in 2002, requiring each federal agency to implement and maintain a formal, comprehensive information security program to protect government assets. To support FISMA compliance, the National Institute of Standards and Technology (NIST) developed the Risk Management Framework (RMF), a set of standards and guidance for agencies to follow in order to cost-effectively manage security risks. 

Without in-depth visibility and actionable intelligence into what is going on in their networks, it is very difficult for federal agencies to achieve compliance. After all, you cannot protect what you cannot see.

StealthWatch supports FISMA/NIST compliance by providing:

  • Comprehensive, continuous monitoring of the entire network to enhance visibility
  • Behavioral-based anomaly detection to:
      ◦ Detect sophisticated, zero-day attacks that bypass perimeter defenses
      ◦ Uncover internal threats such as policy violations and device misconfigurations that can jeopardize security and compliance
  • Host group locking to limit communication with sensitive systems
  • Automatic threat prioritization and mitigation for faster troubleshooting and incident response
  • Layer 7 visibility to track application-level threats
  • Identity awareness to uncover the root cause of issues all the way down to the user level, and enforce user accountability for introducing security and performance risks
  • Network forensic data for easily conducting security investigations
  • An easy-to-understand, graphical user interface for gathering actionable network intelligence
  • Advanced reporting capabilities to assist with demonstrating compliance

NIST states that for an information security program to be effective, federal agencies should:

  • Periodically assess risk to critical systems
  • Develop policies and procedures for reducing information security risks based on assessments
  • Provide security awareness training for personnel
  • Conduct periodic testing and evaluation of the efficacy of security policies, procedures and controls
  • Implement a process for correcting any security deficiencies uncovered during evaluations
  • Develop strong procedures for detecting, reporting and responding to security incidents
  • Create plans for ensuring the continuity of information system operations [1]

Lancope Federal Customers

Lancope serves customers across the U.S. Federal Government, including: the Department of Defense, its services and agencies, the Intelligence Community, civilian departments and agencies, independent agencies, the Legislative Branch, the Judicial Branch, the Defense Industrial Base and the defense research community.

Specific customers include, among others:

  • U.S. Air Force
  • U.S. Army 
  • Missile Defense Agency
  • U.S. Department of Justice
  • U.S. Department of the Interior 
  • Internal Revenue Service
  • U.S. House of Representatives
  • U.S. Department of Energy
  • U.S. Strategic Command 
  • Congressional Budget Office

StealthWatch Provides In-Depth Network Insight for Maintaining FISMA/NIST Compliance

Through continuous monitoring and behavioral-based anomaly detection, Lancope’s StealthWatch fills in the gaps where other network and security technologies leave off, providing the in-depth situational awareness needed to maintain a strong security posture and comply with regulations. By leveraging NetFlow™ and other flow data from existing routers and switches, StealthWatch provides a cost-effective means of achieving comprehensive, in-depth visibility across an organization’s entire network.

In addition to detecting externally-launched cyber attacks, which often bypass perimeter defenses, StealthWatch can also uncover insider threats such as security policy violations, misconfigured devices, data leakage, unauthorized access and network misuse not detected by traditional network and security tools. Besides enabling a faster, more informed response to security incidents, the system detects network and application performance issues to ensure the continuity of vital operations across physical and virtual networks.

StealthWatch is scalable to meet the needs of the largest networks, analyzing up to 3.0 million flows per second, and is easy to deploy and manage even with limited resources. Demonstrating compliance is typically an arduous task requiring hours of manual report compilation. With StealthWatch, federal agencies can continuously monitor for and remediate risks, simplifying compliance processes and maintaining a strong security posture on an ongoing basis without expending excessive amounts of time and resources.

According to the Office of Management and Budget’s Fiscal Year 2010 FISMA Report to Congress, cyber attacks on the federal government increased 39% in 2010 over the previous year.

http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/FY10_FISMA.pdf

NIST Special Publications 800-53 and 800-37

The Federal Executive Branch of the U.S. Government must follow NIST Special Publications (SP) 800-53 and 800-37 to maintain FISMA compliance. [2]

NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” helps ensure that appropriate security controls are applied to federal information and information systems to preserve confidentiality, integrity and availability. The document features 18 security control families that agencies should address as part of their FISMA compliance initiatives.

NIST SP 800-37, titled “Guide for Applying the Risk Management Framework to Federal Information Systems,” provides further guidelines for minimizing risk with a particular focus on continuous monitoring. Specifically, the regulation calls for federal agencies to “develop a strategy for the continuous monitoring of security control effectiveness and any proposed or actual changes to the information system and its environment of operation.” It goes on to state that “the implementation of a robust continuous monitoring program allows an organization to understand the security state of the information system over time and maintain the initial security authorization in a highly dynamic environment of operation with changing threats, vulnerabilities, technologies and missions/business functions.”

StealthWatch Supports Compliance with NIST SP 800-53 and 800-37

To comply with NIST SP 800-53 and 800-37, federal agencies must take the following steps:

  • Categorize all systems and data
  • Select baseline security controls and supplement as necessary
  • Implement security controls
  • Assess and report on the efficacy of controls
  • Authorize information system operation based on risk
  • Monitor and report on security control status on an ongoing basis

StealthWatch supports the full lifecycle of SP 800-53 and 800-37 compliance by providing the in-depth network visibility required to effectively undertake these steps. With StealthWatch, federal agencies can baseline and inventory network assets, uncover and remediate security deficiencies and continuously monitor and report on issues to maintain a strong security posture. A seamless, comprehensive monitoring solution like StealthWatch is critical for achieving the levels of security, performance and compliance required by federal agencies to effectively protect our nation.

 

1 – FISMA Detailed Overview, http://csrc.nist.gov/groups/SMA/fisma/overview.html

2 – NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations, http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf
NIST Special Publication (SP) 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf