This is our final blog discussing the Risk Management Framework (RMF), produced by NIST to simplify and transform IT security and risk management activities into a consumable six-step process. In our previous blogs we covered why the RMF still matters, looked at categorization and design of controls (steps 1 – 3 of the RMF), and then at validating controls and policies (steps 4 – 5 of the RMF). Our focus in this blog is on Step 6: providing continuous monitoring of the system (NIST 800-137). As the step name states, the final step is essentially to provide continuous monitoring of the controls and policies implemented. This step is where technology, specifically BAP, can really help. By leveraging BAP software to automate the creation and validation of security controls and policies, you can automate your continuous monitoring for accountable security.
Continuous Monitoring and Accountable Security
Continuous monitoring is often enabled through algorithms that look for known threat patterns, or through the analysis of unexpected behavior within the environment. Understanding the threats to the environment is a critical step in the right direction, but the results must align with existing security standards to provide cyber accountability.
Cyber accountability is the ability to visualize the impact of a cyber threat on specific services or systems (email, GOTs database, mission control) within the environment. Some of the attributes of cyber accountability include:
- Automation and artificial intelligence to compare a standard to dynamic variables in an environment to ascertain the viability/health of the stated standard
- Accountability, based on actual events, for the cyber health of an organization
- Use of weights, priorities and key phrases to cumulatively ascertain risk level scores related to any standard and the impact on related standards to meet a common objective, cyber risk being a primary outcome
- Focused resolution on non-compliant and risk-oriented events
SIEM Tools, Log Aggregators and Cyber Operations Teams
The deployment of SIEM, log aggregation, and Cyber Operations teams is a critical step toward your security success. The use of log aggregators and SIEM products has significantly enhanced our ability to find that needle in the haystack, allowing us to create scripts and algorithms to discover threats to our environment. However, to understand the actual threat to the agency, the agency must move beyond SIEM and log aggregation into Accountable Cyber.
There is value in these products, although the effort required often exceeds that of the traditional IT administrator. The impact of a firewall breach is not as simple as an exposed port on the firewall; the breach also increases the risk level of other hardware and software within the secured system. Because of the breached firewall, the risk level of multiple components increases, elevating the risk to the components within the AVSD system.
The use of SIEM or log aggregators will reduce the number of events to be processed, although the mathematical algorithms needed to understand the risk level impact are very complicated, given the staggering potential implications and the varying levels of impact, controls, and policies.
Build the RMF Standards within BAP
In conclusion, following the standards laid out in the RMF strategy documents greatly enhances an organization's ability to protect against nefarious threats. Accountable Security takes the work of a standard SIEM or log aggregator and provides deeper, more robust continuous monitoring. Continuous monitoring and Accountable Security are within reach. Continuous monitoring and accountability are not an insurmountable task. Organizational accountability is possible. Achieving cybersecurity strength is possible. BAP was built to make it easy.
How does BAP do it? When organizations view the creation of cyber controls and policies as the absolute point of reference from which we measure cyber accountability, the addition of the BAP software suite allows agencies to optimize time and cost to achieve the ultimate goal: offering a robust cyber defense for our nation and citizens. BAP enables centralized management of the RMF implementation, providing cost and time savings as well as sharing standards throughout the organization.
Check out BAP for yourself with a free demo.