Monitoring NIST SP 800-53 rev5 control families
You work in IT for the United States Department of Defense (DoD). You know that according to DoD Instruction 8510.1, which establishes the Risk Management Framework (RMF) for DoD IT, you need to monitor the control families listed in NIST SP 800-53 rev5. This use case provides searches you can run to meet the technical controls specified in SP 800-53 rev5 in support of the NIST Risk Management Framework (SP 800-37), both referenced in DoD 8510.1. Due to your diverse technology environment, you need a vendor-agnostic view to enable your teams to look across the various components of their organizations and assess their posture with respect to the relevant technical security controls.
Required data
- Data normalized to the following Common Information Models:
How to use Splunk software for this use case
You can run many searches with Splunk software to help ensure compliance with risk management requirements. Depending on what information you have available, you might find it useful to work on some or all of the following control families:
Next steps
The guides for each control family can help you create an easy path to consolidate and automate the collection of compliance-relevant status information across on-premises, cloud, and hybrid environments. Use the searches for continuous monitoring: develop a security and privacy continuous monitoring strategy and implement security and privacy monitoring programs.
These additional Splunk resources might help you understand and implement this use case:
- Blog: Securing DoD systems — A look at SOAR
- Blog: Understanding the DoD’s data strategy: Part 1
- Blog: Defense department cybersecurity: All ahead on zero trust
- eBook: Leveraging CDM to drive federal cyber strategies
- Analyst Report: Four steps to government security: Investigate, monitor, analyze, act