Preparing for a Risk Management Framework (RMF) authorization, what RMF controls does Splunk support?

markh_colorado
Engager

We are preparing for an RMF authorization in a few months. What controls does Splunk support?

Thanks.

chaoslodge
Explorer

While I have not found anything that can be considered an exhaustive and authoritative list, I did find a July 2017 document from Splunk called "Splunk for RMF - Operationalizing Continuous Monitoring". I think you might have to contact whoever your Splunk rep is to get that. It has a list of controls that Splunk can help answer but is by no means complete from my own observation.

My team and I are currently expanding upon this list and mapping Splunk capabilities to controls. The process is a bit tedious as it involves going through each control family and making a decision about each. Your list of controls and how you handle them is subjective to your information system and its CIA as well as any sort of PII or classification overlays.

My methodology on this is to pull a control family at a time into a spreadsheet with the CCI description, Implementation Guidance and Assessment Procedures all included in the row for each of the CCIs associated with the controls. I then go through them asking myself if Splunk has a direct, indirect or no role to play in meeting the requirements of that CCI. From there we have a punch list of items to use as requirements as we tune Splunk and create reports, etc., to meet them.

swagner1965
Path Finder

Following up. This has worked really well for us. I am now in the process of running down evidentiary artifacts in the form of either reports or creating searches to show auditors. .conf files and the stanzas inside of them are one of the things we are looking at to show our configurations are in line with the RMF controls.

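One way to turn .conf stanzas into the kind of evidence rows the post above describes, as an added example that is not from the thread or from Splunk: it parses the INI-like stanza format of a Splunk .conf file and compares selected settings against expected values. The sample content and the control labels attached to each check are constructed assumptions, not an authoritative mapping.

```python
"""Evidence check over Splunk-style .conf stanzas (added example).

Parses [stanza] / key = value text and compares selected settings with
expected values, producing PASS/FAIL rows that can be pasted into a
control-mapping spreadsheet. Control labels are assumed, not authoritative.
"""
import re
from dataclasses import dataclass

STANZA_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def parse_conf(text: str) -> dict[str, dict[str, str]]:
    """Return {stanza: {key: value}}; settings before any header go to 'default'."""
    stanzas: dict[str, dict[str, str]] = {}
    current = "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = STANZA_RE.match(line)
        if m:
            current = m.group("name")
            stanzas.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # malformed line, ignored
        stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas


@dataclass(frozen=True)
class Expectation:
    control: str   # assumed control label for the spreadsheet row
    stanza: str
    key: str
    expected: str


def check(stanzas: dict[str, dict[str, str]], expectations: list[Expectation]) -> list[dict]:
    """One evidence row per expectation; a missing key is reported as actual=None."""
    rows = []
    for e in expectations:
        actual = stanzas.get(e.stanza, {}).get(e.key)
        rows.append({"control": e.control, "setting": f"[{e.stanza}] {e.key}",
                     "expected": e.expected, "actual": actual,
                     "status": "PASS" if actual == e.expected else "FAIL"})
    return rows


# Constructed server.conf-style sample, not taken from a real deployment.
SAMPLE_CONF = """
[general]
serverName = idx01

[sslConfig]
enableSplunkdSSL = true
sslVersions = tls1.2
"""

# Assumed mappings for illustration only.
EXPECTATIONS = [
    Expectation("SC-8 (assumed)", "sslConfig", "enableSplunkdSSL", "true"),
    Expectation("SC-8 (assumed)", "sslConfig", "sslVersions", "tls1.2"),
    Expectation("IA-3 (assumed)", "sslConfig", "requireClientCert", "true"),
]

if __name__ == "__main__":
    for row in check(parse_conf(SAMPLE_CONF), EXPECTATIONS):
        print(row)
```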