Does Splunk ESS include coverage for FISMA compliancy? And if so, what specifically within the ESS suite is specific for FISMA requirements, if anything?

asked 29 Mar '10, 17:32

maverick ♦

edited 30 Aug '10, 18:17

Justin Grant


2 Answers:

First of all, please be aware that SANS.ORG has embraced the top 20 Critical FISMA controls put forth by NIST....

(See this page regarding that topic:) http://www.sans.org/critical-security-controls/

...and Splunk has been certified by SANS.ORG as a vetted tool for Top 20 Critical Control #6 http://www.sans.org/critical-security-controls/user-tools.php

...and here are all of the specific 8500-53 controls regarding TTCC #6 listed (scroll down a little on this page) http://www.sans.org/critical-security-controls/control.php?id=6

Knowing this, technically, Splunk is certified for FISMA Top 20 Critical Control #6, and also provides the capability to tie in and integrate other actions into the adjacent FISMA controls (i.e. Splunk cannot synchronize your server clock, but it CAN trigger a script to sync them when it sees a time offset difference, thus providing a compensating control around clock syncing)

Also, I think the current ISO Governance section of ESS can be enhanced to include a FISMA-specific module that can help with that integration into some of the other FISMA Top 20 Critical Controls as well. (Imagine a FISMA fly-out menu with specific searches, reports, or alerts related to FISMA.) This may be something that Splunk professional services could probably scope out and add to ESS too, if that makes it easier.

Additionally, we may be looking into creating a FISMA-specific module as part of the core ESS App. No ETA yet that I am aware of, but customers are starting to drive us that way for sure.

All in all, I think no one product can cover all of FISMA requirements, but Splunk has the best starting point (i.e. core Splunk + ESS App) and potential to specialize as you need, for FISMA or any other type of compliancy you are considering Splunk for.

answered 30 Mar '10, 13:37

maverick ♦

Would the FISMA module be created separately from the ESS Suite?

(30 Mar '10, 16:53) BunnyHop

I'm not the person that can really answer if it WOULD be separate or part of ESS Suite or not, but I imagine, technically, it could be either or both. A separate App OR just another menu item with ESS called FISMA Controls, or something like that, where you select to go to the FISMA-related dashboards and/or form searches, etc.

(31 Mar '10, 13:32) maverick ♦

Please be aware SANS.org's Critical Security Controls are only tangentially related to FISMA. CSC maps to a limited subset of NIST SP 800-53 controls but is not FISMA compliance itself. To satisfy FISMA security controls refer to the current FISMA security control catalog document, NIST SP 800-53 Revision 3.

I have no experience with ESS but if it provides governance support for ISO 27001 controls this can be the basis of some FISMA compliance support as NIST SP 800-53r3 controls have mappings to ISO 27001 Annex A (see Appendix H of SP 800-53r3).

New releases of NIST FISMA guidance have refocused efforts on all aspects of Continuous Monitoring. ESS is well positioned to provide extensive support for this compliance goal. This new guidance is developed with the Joint Task Force Transformation Initiative, creating a Unified Information Security Framework that will be applied not only to systems covered by FISMA but also systems in the Intelligence Community and DoD.

answered 31 Mar '10, 01:32

DanPhilpott

Copyright © 2005-2014 Splunk Inc. All rights reserved.