Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds

1@solarwinds
RMF, DISA STIG, and NIST FISMA
Compliance Using SolarWinds
Government Webinar
November 19, 2020

2@solarwinds
Speaker Introductions
© 2020 SolarWinds Worldwide, LLC. All rights reserved.
Kevin Davalos
Intermediate Sales Engineer
kevin.davalos@solarwinds.com
512.498.6056 (office)

3@solarwinds
Agenda
• Compliance and SolarWinds®
solution overviews
• FISMA and STIGs security
controls and compliance review
• Risk Management Framework
and compliance review
• Security and compliance
product reviews
• Questions and answers
• Additional resources

4@solarwinds
Compliance and
SolarWinds
Solution Overviews

5@solarwinds
Compliance Overview
Federal Information Security Management Act (FISMA)
(NIST: FISMA Background- http://csrc.nist.gov/groups/SMA/fisma/overview.html)
• Designed to protect the nation’s critical infrastructure
• Standardization for categorizing IT systems by mission impact (FIPS 199)
• Security standards for data and IT systems (FIPS 200)
• Establishes baseline security controls and provides general guidance (SP 800-53)
• Requires protection of sensitive data on contractor information systems (SP 800-171)
Risk Management and Cybersecurity Frameworks
• Risk Management Framework (RMF) supports the implementation of FISMA, is mandatory for
federal agencies, and has been widely adopted by the DOD (SP 800-37)
(RMF background- http://csrc.nist.gov/groups/SMA/fisma/framework.html)
• The Framework for Improving Critical Infrastructure Cybersecurity (aka the Cybersecurity Framework
or NIST CSF) was developed, enhanced, and recently mandated for executive departments and
agencies by Presidential Executive Orders
(CSF background- https://www.nist.gov/cyberframework)

6@solarwinds
Compliance Overview (cont’d)
Security Technical Implementation Guides (STIGs)
(STIGs background- http://www.disa.mil/Cybersecurity/Secure-Configuration-Guidance)
• Technical guidelines for infrastructure installation and maintenance developed by DISA
to reduce vulnerability
• Create an inventory of all systems and software to determine which DISA STIGs to apply
• Monitor configurations and produce compliance reports
• Manage configurations to achieve and maintain compliance
Compliance Audits and Certification
• Preparing for an audit requires considerable documentation and reporting
• Audits require detailed knowledge of networked hardware and applications
(including asset inventories, locations, configurations, access privileges, and vulnerabilities)
• Cybersecurity Maturity Model Certification (CMMC) is being phased in for government contractors
over the next several years; self-certification of 800-171 recently required to bid new DOD
opportunities

7@solarwinds
Risk Management Framework
PROCESS
OVERVIEW
Starting Point
(repeat as necessary)
RISK MANAGEMENT
FRAMEWORK
Step 1
CATEGORIZE
Information Systems
Step 6
MONITOR
Security Controls
Step 5
AUTHORIZE
Information Systems Step 4
ASSESS
Security Controls
Step 3
IMPLEMENT
Security Controls
Step 2
SELECT
Security Controls
Organizational Inputs
Laws, Directives, Policy Guidance
Strategic Goals and Objectives
Priorities and Resource Availability
Supply Chain Considerations
Architecture Description
Architecture Reference Models
Segment and Solution Architecture
Mission and Business Processes
Information Systems Boundaries
Source: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf

8@solarwinds
Cybersecurity Framework
PROCESS OVERVIEW
CYBER SECURITY
FRAMEWORK
Step 1
IDENTIFY
risks to systems, assets,
data, and capabilities
Step 5
RECOVER
capabilities or services
Step 4
RESPOND
with the appropriate
activities
Step 3
DETECT
occurrences of
cybersecurity events
Step 2
PROTECT
with appropriate
safeguards
Source: https://www.nist.gov/sites/default/files/documents/draft-cybersecurity-framework-v1.11.pdf

9@solarwinds© 2020 SolarWinds Worldwide, LLC. All rights reserved.
Security Product Overview
A security and information event
management (SIEM) product designed to
ensure and demonstrate compliance
Security Event Manager
Safely transfer files in a central
management interface
Serv-U® Managed File Transfer
Third-party software updates and inventory
leveraging Microsoft® WSUS or SCCM
Patch Manager
Automated network configuration and change
management software
Network Configuration Manager
Track and compare system and application
changes over time
Server Configuration Monitor
Manage and audit user access rights
across your IT infrastructure
Access Rights Manager

10@solarwinds
SolarWinds Compliance Features
• Inventory network device configurations, assess configurations for
compliance, and automate change and configuration management
• Implement configuration of security controls and help assure effectiveness
• Produce FISMA and DISA STIGs reports from configuration templates
• Produce audit documentation and reports
• Configure correlation rules to help assure effectiveness of security
controls
• Real-time and continuous monitoring of security controls
• Produce FISMA and DISA STIGs compliance reports from templates
• Supports DISA STIGs requirements for configuration auditing, log
analysis, and broader network security
• Tracks and report suspicious activities/attacks to provide auditing support

11@solarwinds
Access Rights Manager
• Built to monitor suspicious account activity, validate IT compliance, and
deliver custom Active Directory reports
• Facilitates fast and safe user account management
• Automate deprovisioning for staff and contractors to help meet security
policies
• NTFS permissions report tool streamlines user access control and
auditing
Patch Manager
• Automate patching of Microsoft and third-party applications to help
improve compliance
• Schedule patches for minimum downtime
• Inventory software and physical components per server or workstation

12@solarwinds
• Policy engine helps monitor for compliance
• Baseline Windows® and Linux® server and application configs and
alert and report on changes
• Detect, alert, and report on changes with hardware inventory, registry
entries, binary and text files, software inventory, IIS configuration files,
and script outputs
• Monitor databases for unauthorized changes
• Track server hardware and software inventory
Network Performance Monitor
• Trend utilization for capacity planning
• Monitor network health and availability
• Identify protocol latency delays

13@solarwinds
FISMA and STIGs
Security Controls and
Compliance Review

14@solarwinds
FISMA Security Controls Where We Can Help
Access controls
• Most of these controls will be implemented at the policy or device level
• Security Event Manager (SEM) can help audit and monitor for potential changes, for
example:
• SEM can assist with AU2(12): “Atypical Usage” by looking for logon activity or patterns that
are outside your environment norms
• SEM can help satisfy AU-2(2): Automated Auditing for creation, modification, enabling,
disabling, and removal
• Network Configuration Manager (NCM) can help you monitor/manage configurations,
real-time changes, or identify violations when it comes to network systems
Audit and accountability
• SEM can help satisfy some controls directly, for example:
• AU-5: Audit Processing Failures - SEM generates events when there are processing failures
• AU-8: Time Stamps - SEM satisfies this control and also uses timestamps provided by log
sources
• NCM tracks who requested the configuration change, or who made the change directly

15@solarwinds
FISMA Security Controls Where We Can Help (cont’d)
Configuration management
• NCM can satisfy some controls directly, and includes prebuilt templates for compliance
with configuration policies for network devices
• Patch Manager (Patch) and SEM can also help in a few key areas
Incident response
• SEM provides some help when it comes to incident generation and investigation
• Users can also leverage active response to provide in-the-moment capabilities to deal
with incidents as they occur, such as:
• IR-4: Incident Handling - SEM can support this, including IR-4(4) information correlation, IR-
4(5) automatic disabling of information system, and IR-4(9) dynamic response capability
• IR-5: Incident Monitoring - SEM can generate incidents from correlated activities, and this
information can be tracked and stored
• NCM utilizes real-time configuration checking to auto-download/notify when there have
been changes to device configurations

16@solarwinds
System maintenance
• SEM can help alert when logs don't seem to be according to expected maintenance
policies
• When it comes to network devices, NCM helps with controlling and managing
configuration approvals, and keeping a history of past configurations, noting when the
change occurred
Media protection
• SEM's USB Defender® feature can help with automated controls of removable devices
Security planning
• SEM can be used to centrally manage auditing and monitoring, and supports defense-
in-depth techniques
• NCM Approval allows an approval authority before making changes affecting the
network

17@solarwinds
Personnel security
• A lot of this control area is external and policy-related, but SEM can be used to ensure
what should happen actually did (i.e., trust, but verify)
Risk assessment
• SEM and Patch both help with vulnerability scanning
• Patch can notify or auto-update missing patches on affected systems
System and communication protection
• Many of our solutions help detect Denial of Service attacks
• We also offer tools to support boundary protection and VoIP
System and information integrity
• SEM helps with this control by providing system, software, firmware, and file integrity
monitoring
• There are also a couple of other smaller areas of note

18@solarwinds
DISA STIGs Compliance Where We Can Help
DISA STIGs and NIST FISMA reports ship with NCM to help IT pros improve
compliance
SEM has a range of features to support DISA STIGs compliance
• Supports DISA STIGs compliance via our real-time monitoring of related
events across systems, network devices, applications, and security tools
• Supports configuration auditing, including logs of relevant STIGs best
practices, configuration changes, installation of unapproved software,
and more
• Many of SEM’s out-of-the-box rules can be used to address STIGSs
• SEM also includes DISA STIGs and FISMA compliance reports

19@solarwinds
Risk Management
Framework and
Compliance Review

20@solarwinds© 2020 SolarWinds Worldwide, LLC. All rights reserved.
RMF Step SolarWinds Products Features
Step 1 – CATEGORIZE Information Systems Network Performance Monitor
Server & Application Monitor
Web Help Desk
Hardware/Software Discovery
Asset Inventory
Software Inventory
Step 2 – SELECT Security Controls Network Configuration Manager
User Device Tracker
Vulnerability Scanning
Configuration Compliance
Continuous Monitoring
Rogue Device Detection
Step 3 – IMPLEMENT Security Controls Network Configuration Manager
Patch Manager
Patch Updates
STIG Compliance
Step 4 – ASSESS Security Controls Access Rights Manager
Patch Manager
Access Rights Management
Monitoring Event Logs
Patch Updates
Step 5 – AUTHORIZE Information Systems Network Configuration Manager
Patch Manager
Reports
Step 6 – MONITOR Security Controls Security Event Manager
Network Performance Monitor
Server & Application Monitor
Log Monitoring
Network Monitoring
Configuration Monitoring
Application Monitoring

21@solarwinds
DEMO

22@solarwinds
Q&A
Call government sales:
877.946.3751
Contact federal sales:
federalsales@solarwinds.com
Contact state and local
government sales:
governmentsales@solarwinds.com
Contact education sales:
educationsales@solarwinds.com

23@solarwinds
Resources to Help Reduce Vulnerabilities
Review a blog on FISMA requirements:
https://www.solarwinds.com/federal-government/solution/fisma-compliance-requirements
Review a blog on how SolarWinds software can help with CIS controls:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2017/08/18/solarwinds-and-cis-critical-
security-controls
Review a blog on how SolarWinds software can help with NIST FISMA/RMF compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2015/08/01/fisma-nist-800-53-
compliance-with-solarwinds-products
Review a blog on how SolarWinds software can help with DISA STIGS compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2011/09/07/disa-stig-compliance-with-
log-event-manager
Watch a federal security compliance video:
http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
Download a compliance white paper:
https://try.solarwinds.com/gov/whitepapers/ultimate-guide-federal-it-compliance
Download a continuous monitoring white paper:
https://try.solarwinds.com/gov/whitepapers/daily-federal-compliance-and-continuous-cybersecurity-monitoring

24@solarwinds
THANK
YOU

25@solarwinds
Contact Us
• Call government sales: 877.946.3751
• Email SolarWinds federal government sales: federalsales@solarwinds.com
• Email SolarWinds state and local government sales:
governmentsales@solarwinds.com
• Email SolarWinds education sales: educationsales@solarwinds.com
• Visit our THWACK® government group: http://thwack.com/government
• Watch a short demo video: http://demo.solarwinds.com/sedemo/
• Download a free trial: http://www.solarwinds.com/downloads/
• Visit our government website: http://www.solarwinds.com/government
• Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-
government
Let us know how we can help you

26@solarwinds
Who We Are
#1
in Network
Management1
320,000+
customers in 190
countries3
55+
IT management
products
22,000+ MSPs serving
450,000+
organizations
Every branch of the DoD, and
nearly every civilian and
intelligence agency
150,000+ registered members of THWACK®, our global IT community
Founded in 1999
More than 3,200
employees globally
Austin, TX headquarters
Reston, VA government office
30+ offices globally
Leader
in Remote Monitoring
and Management
#3
in ITOM Performance
Analysis2
Growing
Security
Portfolio
499 of
Fortune 500®
1. IDC-defined Network Management Software functional market, IDC’s Worldwide Semiannual Software Tracker, October 15, 2020.
2. Gartner, Market Share Analysis: ITOM Performance Analysis Software, Worldwide, 2019. June 17, 2020. (AIOps/ITIM/Other Monitoring Tools Software Market). SolarWinds term, Systems Management, refers to the AIOps/ITIM/Other Monitoring Tools
Software Market Taxonomy referenced in the Gartner report. All statements in this report attributable to Gartner represent SolarWinds interpretation of data, research opinion, or viewpoints published as part of a syndicated subscription service by
Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact and
are subject to change without notice.
3. Customers are defined as individuals or entities that have an active subscription for our subscription products or that have purchased one or more of our perpetual license products since our inception under a unique customer identification number.
We may have multiple purchasers of our products within a single organization, each of which may be assigned a unique customer identification number and deemed a separate customer.

27@solarwinds
The SolarWinds, SolarWinds & Design, Orion, and THWACK
trademarks are the exclusive property of SolarWinds Worldwide,
LLC or its affiliates, are registered with the U.S. Patent and
Trademark Office, and may be registered or pending registration
in other countries. All other SolarWinds trademarks, service
marks, and logos may be common law marks or are registered or
pending registration. All other trademarks mentioned herein are
used for identification purposes only and are trademarks of (and
may be registered trademarks) of their respective companies.

Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds

Semelhante a Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds (20)

Mais de SolarWinds

Mais de SolarWinds (13)

Último

Último (20)

Government Webinar: RMF, DISA STIG, and NIST FISMA Compliance Using SolarWinds

Notas do Editor