In 2014, the Department of Defense (DoD) introduced the Risk Management Framework (RMF) to help federal agencies better manage the many risks associated with operating an information system. It is clear that a compliance-only approach is not enough for a robust security posture, especially in the face of today’s threats. The core premise behind RMF is that systems carry an inherent risk based on many factors, including criticality, sensitivity, and the evolving threat landscape. RMF therefore treats risk management as a continuous process rather than a one-time execution for accreditation.
RMF is a paradigm shift for agencies from the traditional Certification and Accreditation (C&A). Change is not always seamless, and there are always challenges.
The NIST SP 800-37 publication offers guidance on RMF as a discrete set of six steps:
1. Categorize – categorize your systems based on an impact assessment, as detailed in FIPS Publication 199
2. Select – select the baseline controls that apply to the system, applying tailoring guidance based on risk assessment
3. Implement – apply the controls and document their deployment
4. Assess – determine the controls’ effectiveness and the extent to which they have been implemented correctly
5. Authorize – determine risk and, if acceptable, approve operation
6. Monitor – continuously observe, track changes and reassess effectiveness
Splunk is a cost-effective, flexible, and integrated solution that can help meet a variety of compliance requirements and beyond. In particular, Splunk can be leveraged to assist agencies in facilitating and enabling their RMF process, specifically with Steps 4 (Assess) and 6 (Monitor).
With Splunk, federal agencies have better access to their data and can interpret it to ensure agency transparency. Additionally, audits are made much simpler with quick generation of reports and dashboards that offer an instant, real-time view into implementations and their effectiveness.
Some of the specific ways Splunk helps agencies embrace RMF include:
Continuous monitoring of security controls and their effectiveness
Audit trail collection and reporting
Help determine acceptability of security controls in terms of risk
Enable assessment of implementation and effectiveness of controls
Collect, retain, search, alert and report on logs from all assets and activities
ASSETS TO HELP LEVERAGE BEST PRACTICES
Research Paper: C4ISR/Defense News RMF Research Paper (coming soon)
Tech Brief: Splunk for Risk Management Framework
Blog Post: Splunk for RMF
Recorded Demo: Qmulos Q-Compliance
Product Brief: Qmulos Q-Compliance
Recorded Demo: Qmulos Q-Audit
Product Brief: Qmulos Q-Audit
Technical Webinar: Splunk/Qmulos webinar on how Splunk maps to RMF – Splunk for Information Assurance & Government Compliance