In 2014, the Department of Defense (DoD) introduced the Risk Management Framework (RMF) to help federal agencies better manage the many risks associated with operating an information system. It is clear that a compliance-only approach is not enough for a robust security posture, especially in the face of today's threats. The core premise behind RMF is that systems carry an inherent risk based on many factors, including criticality, sensitivity, and the evolving threat landscape. RMF therefore treats risk management as a continuous process rather than a one-time execution for accreditation.

RMF is a paradigm shift for agencies from the traditional Certification and Accreditation (C&A). Change is not always seamless, and there are always challenges. 

The NIST SP800-37 publication offers guidance on RMF over a discrete set of 6 steps:

  • Categorize – the system based on the impact assessment detailed in FIPS Publication 199

  • Select – the baseline controls that apply to the system, tailoring them according to guidance and the risk assessment

  • Implement – apply the controls and document their deployment

  • Assess – determine the controls' effectiveness and the extent to which they have been implemented correctly

  • Authorize – determine risk and if acceptable, approve operation

  • Monitor – continuously observe, track changes and reassess effectiveness

Enter Splunk

Splunk is a cost-effective, flexible, and integrated solution that can help meet a variety of compliance requirements and beyond. In particular, Splunk can be leveraged to assist agencies in facilitating and enabling their RMF process, specifically Steps 4 (Assess) and 6 (Monitor).

With Splunk, federal agencies have better access to their data and can interpret it to ensure agency transparency. Additionally, audits are made much simpler with quick generation of reports and dashboards that offer an instant, real-time view into implementations and their effectiveness.

Some of the specific ways Splunk helps agencies embrace RMF include:

  • Continuous monitoring of security controls and their effectiveness

  • Audit trail collection and reporting

  • Determination of the acceptability of security controls in terms of risk

  • Assessment of the implementation and effectiveness of controls

  • Collection, retention, search, alerting and reporting on logs from all assets and activities