FISMA/NIST 800-53 Compliance

Overview

FISMA/NIST 800-53 is a compliance requirement established by the Federal Information Security Management Act and the National Institute of Standards and Technology. It provides guidelines and standards for federal agencies and organizations that handle sensitive government information. Compliance with FISMA/NIST 800-53 ensures the confidentiality, integrity, and availability of federal information systems. 

For more information, refer to the FISMA/NIST 800-53 publication: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Logcollect for FISMA/NIST 800-53 Compliance

Logcollect combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in FISMA/NIST 800-53. With comprehensive monitoring, analysis, and reporting capabilities, organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents.

By leveraging Logcollect, organizations can strengthen their information security posture, protect sensitive government information, and achieve compliance with FISMA/NIST 800-53. This ensures the confidentiality, integrity, and availability of federal information systems. 

Using Logcollect to meet FISMA/NIST 800-53 Requirements

Access Control

AC-2 – Account Management

The organization manages information system accounts, including establishing, activating, modifying, reviewing, disabling, and removing accounts. The organization reviews information system accounts.

Logcollect collects all account management activities that are generated in the system. Logcollect reports provide easy and standard review of all account management activity and can also detect any changes to account management.

AC-3 – Access Enforcement

The information system enforces assigned authorizations for controlling access to the system in accordance with applicable policy.

Logcollect collects all access activities that are generated in the system. Logcollect reports provide easy and independent review of access control settings and enforcement.

AC-5 – Separation of Duties

The information system enforces separation of duties through assigned access authorizations.

Logcollect collects information from production access control systems to help define role usage requirements, detect attempts to cross role boundaries, and identify changes to configurations that can affect separation of duties.

AC-6 – Least Privilege

The organization employs the concept of least privilege for specific duties and information systems (including specific ports, protocols, and services) in accordance with risk assessments as necessary to adequately mitigate risk to organizational operations, organizational assets, and individuals.

Logcollect monitors activities of both users and systems to assist in determining necessary access, frivolous access, and resource needs of production systems. Review of activities such as network connections, application access, and system logons can help identify appropriate and inappropriate use according to policy.

AC-7 – Unsuccessful Login Attempts

The information system enforces a limit of a specified number of consecutive invalid access attempts by a user within a certain time period. The information system automatically locks the account for a specified time period and delays the next login prompt until a set timeframe has expired.

Logcollect collects all authentication activities that are generated in the system. Logcollect reports provide easy and standard review of unsuccessful login attempts to systems and applications. Logcollect alerts can detect and report on multiple unsuccessful login attempts.
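The AC-7 threshold check described above, as an added example that is not Logcollect code: it parses constructed sshd-style authentication lines and raises one alert per user whose consecutive failures inside a time window reach the limit; a successful logon resets the streak, and the limit and window values are assumed policy settings.

```python
"""Consecutive failed-login detection in the style of AC-7.

Added example, not Logcollect code. Parses constructed syslog-like lines,
tracks each user's current streak of invalid attempts, drops attempts that
fall outside WINDOW, resets on a successful logon, and emits an alert the
first time a streak reaches MAX_FAILURES.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

MAX_FAILURES = 3                  # assumed policy: lock after 3 consecutive failures
WINDOW = timedelta(minutes=15)    # assumed policy: failures must fall within 15 minutes

# Constructed sample lines (not real logs); alice recovers, bob trips the limit,
# carol fails repeatedly but too slowly for the window to matter.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z host1 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:10Z host1 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:20Z host1 sshd: Accepted password for alice from 10.0.0.5
2024-05-01T09:01:00Z host1 sshd: Failed password for bob from 10.0.0.9
2024-05-01T09:02:00Z host1 sshd: Failed password for bob from 10.0.0.9
2024-05-01T09:03:00Z host1 sshd: Failed password for bob from 10.0.0.9
2024-05-01T09:03:30Z host1 sshd: Failed password for bob from 10.0.0.9
2024-05-01T10:00:00Z host1 sshd: Failed password for carol from 10.0.0.7
2024-05-01T10:20:00Z host1 sshd: Failed password for carol from 10.0.0.7
2024-05-01T10:40:00Z host1 sshd: Failed password for carol from 10.0.0.7
2024-05-01T11:00:00Z host1 sshd: Failed password for carol from 10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a recognised auth line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "host": m["host"], "user": m["user"],
            "src": m["src"], "ok": m["result"] == "Accepted"}


def detect_lockouts(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return one alert per user whose consecutive failures within window reach max_failures."""
    streaks = defaultdict(deque)   # user -> timestamps of the current failure streak
    alerted = set()                # users already alerted on during this streak
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = streaks[ev["user"]]
        if ev["ok"]:
            q.clear()              # a success breaks the consecutive streak
            alerted.discard(ev["user"])
            continue
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()            # failures older than the window no longer count
        if len(q) >= max_failures and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"user": ev["user"], "src": ev["src"], "count": len(q),
                           "first": q[0], "last": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_lockouts(SAMPLE_LOG):
        print(f"ALERT {a['user']} from {a['src']}: {a['count']} failures "
              f"between {a['first']} and {a['last']}")
```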

AC-17 – Remote Access

The organization authorizes, monitors, and controls all methods of remote access to the information system.

Logcollect collects all remote access activities that are generated in the system. Logcollect reports provide easy and standard review of all remote access activity.

AC-18 – Wireless Access Restriction

The organization:

  • Establishes usage restrictions and implementation guidance for wireless technologies; and
  • Authorizes, monitors, and controls wireless access to the information system.

Logcollect collects all access activities that are generated in the system. Logcollect reports provide easy and independent review of access control settings and enforcement.

AC-19 – Access Control for Portable and Mobile Systems

The organization:

  • Establishes usage restrictions and implementation guidance for organization-controlled portable and mobile devices; and
  • Authorizes, monitors, and controls device access to organizational information systems.

Logcollect entity and network definitions allow for correlation and event monitoring based on location relative to the organizational networks, to determine inbound, outbound, and local network traffic. Remote access and usage activities from mobile devices can be monitored by observation of the logs from authentication systems, security systems, and production servers.

AC-20 – Personally Owned Information Systems/Use of External Information Systems

The organization establishes terms and conditions for authorized individuals to:

  • Access the information system from an external information system; and
  • Process, store, and/or transmit organization-controlled information using an external information system.

Logcollect collects remote access activities that are generated in the system. Logcollect analysis facilities and reports provide easy and independent review of external access to information systems.

Audit and Accountability

AU-4 – Audit Storage Capacity

The organization allocates sufficient audit record storage capacity and configures auditing to reduce the likelihood of such capacity being exceeded.

Logcollect provides central, secure, and independent audit log storage. Logcollect’s high compression of the data (> 80%) provides extensible storage of audit log data and ensures capacity will not be exceeded.

AU-5 – Response to Audit Processing Failures

The information system alerts designated organizational officials in the event of an audit processing failure.

Logcollect provides support for NIST 800-53 control enhancement AU-5 in two ways:

  • By completely automating the process of centrally collecting and retaining all audit log messages. Logcollect core functionality provides alerting for audit storage over-utilization.
  • By collecting and analyzing audit processing failure logs. Logcollect provides alerting on processing failure activity, including audit log clearing, audit logging stoppage, and failed audit log writes. Logcollect investigations, reports, and details provide evidence of that activity.

AU-6 – Audit Monitoring, Analysis, and Reporting

The organization regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate officials, and takes necessary actions.

Logcollect provides centralized monitoring, analysis, and reporting of audit activity across the entire IT infrastructure. Logcollect automates the process of identifying high-risk activity and prioritizes it based on asset risk. High-risk activity can be monitored in real time or alerted on. Logcollect reports provide easy and standard review of inappropriate, unusual, and suspicious activity.

AU-7 – Audit Reduction and Report Generation

The information system provides an audit reduction and report generation capability.

Logcollect policy-based log processing capabilities provide automatic audit log reduction. “Interesting” audit logs can be forwarded as events for immediate monitoring and/or alerting. “Uninteresting” audit logs can be filtered out and/or retained at an archive-only level. Logcollect analysis and reporting facilities provide aggregated views of audit data, providing further audit reduction. Logcollect provides extensive report generation capabilities.

AU-8 – Time Stamps

The information system provides time stamps for use in audit record generation.

Logcollect collects all user access event logs in real time and retains the date and time stamp at which they occurred.

AU-9 – Protection of Audit Information

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Logcollect provides central and secure storage of all audit log data.

AU-11 – Audit Retention

The organization retains audit records for an appropriate time period to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

Logcollect completely automates the process and requirement of collecting and retaining audit logs. Logcollect retains logs in compressed archive files for easy-to-manage, long-term storage. Log archives can be restored quickly and easily months or years later in support of after-the-fact investigations.

AU-13 – Monitoring for Information Disclosure

The organization monitors open source information for evidence of unauthorized exfiltration or disclosure of organizational information.

Logcollect provides support for NIST 800-53 control requirement AU-13 by utilizing the Windows System Monitor feature. Logcollect independently monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running. It also monitors and logs the transmission of files to an external storage device. It can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

Security Assessment and Authorization

CA-2 – Security Assessments

The organization conducts an assessment of the security controls in the information system periodically to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Logcollect’s log analysis and reporting capabilities can be leveraged during a security assessment to help ensure implemented controls are functioning as intended and to potentially identify any weaknesses.

CA-3 – Information System Connections

The organization authorizes all connections from the information system to other information systems outside of the accreditation boundary through the use of system connection agreements and monitors/controls the system connections on an ongoing basis.

Logcollect can collect network device logs, and Logcollect’s Network Connection Monitoring feature will identify the network connections established. Logcollect’s analysis and reporting capabilities can be used for reviewing network activity to ensure only authorized communications occur. Logcollect alerts can be used for detecting unauthorized communications.

CA-7 – Continuous Monitoring

The organization monitors the security controls in the information system on an ongoing basis.

Logcollect monitoring, analysis, and reporting capabilities provide for continuous monitoring of specific controls across the IT infrastructure. For instance, Logcollect alerts can detect the use of restricted accounts.

Configuration Management

CM-3 – Configuration Change Control

The organization audits activities associated with configuration-controlled changes to the system.

Logcollect provides support for NIST 800-53 control requirement CM-3 by collecting and analyzing all configuration change logs. Logcollect provides alerting on configuration/policy changes on critical systems. Logcollect investigations, reports, and details provide evidence of configuration/policy changes.

CM-4 – Monitoring Configuration Changes

The organization monitors changes to the information system, conducting security impact analyses to determine the effects of the changes.

Logcollect monitoring capability can be used to detect the following changes to the file system:

  • Additions
  • Deletions
  • Modifications
  • Permissions

Logcollect analysis and reporting capabilities can be used for monitoring configuration changes. Logcollect alerting can be utilized to detect and notify of changes to specific configurations.

CM-5 – Access Restrictions for Change

The organization:

  • Approves individual access privileges and enforces physical and logical access restrictions associated with changes to the information system; and
  • Generates, retains, and reviews records reflecting all such changes.

Logcollect collects all access activity and changes to access controls. Logcollect reports provide easy and independent review of access control settings and enforcement.

CM-6 – Configuration Settings

The organization monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.

Logcollect provides support for NIST 800-53 control requirement CM-6 by collecting and analyzing all configuration change logs. Logcollect provides alerting on configuration/policy changes on critical systems. Logcollect investigations, reports, and details provide evidence of configuration/policy changes.

CM-11 – User Installed Software

The organization enforces explicit rules governing the installation of software by users.

Logcollect monitoring, analysis, and reporting capabilities provide for continuous monitoring of specific controls across the IT infrastructure. For instance, Logcollect alerts can detect the use of restricted accounts.

Contingency Planning

CP-9 – Information System Backup

The organization:

  • Conducts backups of user-level information contained in the information system
  • Conducts backups of system-level information contained in the information system
  • Conducts backups of information system documentation including security related documentation

Logcollect provides support for NIST 800-53 control requirement CP-9 by collecting and analyzing all software backup logs. Logcollect provides alerting on backup failures. Logcollect investigations, reports, and details provide evidence of backup failures/successes.

Identification and Authentication

IA-2 – Identification and Authentication (Organizational Users)

The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Logcollect provides support for NIST 800-53 control requirement IA-2 by collecting and analyzing all authentication logs. Logcollect provides alerting on authentication failures. Logcollect investigations, reports, and details provide evidence of all account authentication activity.

IA-3 – Device Identification and Authentication

The information system uniquely identifies and authenticates before establishing a connection.

Logcollect provides support for NIST 800-53 control requirement IA-3 by collecting and analyzing all authentication logs. Logcollect provides alerting on vendor default account authentications. Logcollect investigations, reports, and details provide evidence of all account authentication activity, including activity from vendor default accounts.

IA-8 – Identification and Authentication (Non-Organizational Users)

The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).

Logcollect provides support for NIST 800-53 control requirement IA-8 by collecting and analyzing all authentication logs. Logcollect provides alerting on vendor or third-party account authentication failures. Logcollect investigations, reports, and details provide evidence of all account authentication activity, including activity from vendor or third-party accounts.

Incident Response

IR-4 – Incident Handling

The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.

Logcollect provides support for NIST 800-53 control enhancement IR-4 by detecting and notifying individuals of activity that may constitute an incident. Logcollect’s analysis capabilities provide quick and easy analysis of activity to determine the incident. Logcollect provides correlation, pattern recognition, and behavioral analysis. Logcollect’s integrated knowledge base provides information useful in responding to and resolving the incident.

IR-5 – Incident Monitoring

The organization tracks and documents information system security incidents.

Logcollect provides direct support for NIST 800-53 control requirement IR-5 by providing security incident tracking and documentation through the management interface.

IR-6 – Incident Reporting

The organization promptly reports incident information to appropriate authorities.

Logcollect notification capabilities can route alerts to the appropriate individual based on group membership or relationship to the impacted system. Logcollect reports provide summary- and detail-level reporting of incident-based alerts.

IR-7 – Incident Response Assistance

The organization provides an incident response support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents. The support resource is an integral part of the organization’s incident response capability.

Logcollect’s integrated knowledge base provides information useful in responding to and resolving incidents.

Maintenance

MA-2 – Controlled Maintenance

The organization checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions.

Logcollect provides support for NIST 800-53 control requirement MA-2 by collecting and analyzing all error logs. Logcollect provides alerting on critical maintenance errors. Logcollect investigations, reports, and details provide evidence of critical errors, process shutdowns, and system shutdowns that occur after maintenance.

MA-4 – Remote Maintenance

The organization authorizes, monitors, and controls any remotely executed maintenance and diagnostic activities, if employed.

Logcollect can identify maintenance-related activity for analysis and/or reporting. Logcollect reports provide easy review of remotely executed maintenance activity.

MA-5 – Maintenance Personnel

The organization allows only authorized personnel to perform maintenance on the information system.

Logcollect can identify maintenance-related activity for analysis and/or reporting. Logcollect reports provide easy review of maintenance activity.

Media Protection

MP-2 – Media Access

The organization restricts access to organization-defined types of digital and non-digital media to an organization-defined list of authorized individuals using organization-defined security measures.

Logcollect provides support for NIST 800-53 control requirement MP-2 by utilizing the Windows System Monitor feature. Logcollect monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running, and also monitors and logs the transmission of files to an external storage device. Logcollect can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

Physical Environmental Protection

PE-3 – Physical Access Control

The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Logcollect provides support for NIST 800-53 control requirement PE-3 by collecting log messages from physical access devices (e.g., card key readers) at all physical access points. Logcollect provides alerting on suspicious physical access. Logcollect investigations, reports, and details provide evidence of physical access failures/successes.

PE-5 – Access Control for Output Devices

The organization controls physical access to information system output devices to prevent unauthorized individuals from obtaining the output.

Logcollect provides support for NIST 800-53 control requirement PE-5 by utilizing the Windows System Monitor feature. Logcollect monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running, and also monitors and logs the transmission of files to an external storage device. Logcollect can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

PE-6 – Monitoring Physical Access

The organization monitors physical access to the information system to detect and respond to physical security incidents.

Logcollect can collect log messages from physical access devices (e.g., card key readers) for analysis and reporting.

Personnel Security

PS-4 – Personnel Termination

The organization, upon termination of individual employment, terminates information system access, conducts exit interviews, retrieves all organizational information system related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on organizational information systems.

Logcollect reports provide easy review of terminated personnel to ensure access rights have been removed. Logcollect alerts can be used to detect usage of user accounts that should have been terminated.

PS-5 – Personnel Transfer

The organization reviews information systems/facilities access authorizations when personnel are reassigned or transferred to other positions within the organization and initiates appropriate actions.

Logcollect reports provide easy review of transferred personnel to ensure access rights have been terminated and/or appropriately modified.

PS-7 – Third-Party Personnel Security

The organization monitors provider compliance.

Logcollect provides support for NIST 800-53 control requirement PS-7 by collecting both physical and logical access control log messages. Logcollect investigations, reports, and details provide evidence of revocation of cyber/physical access, including access revocation, account deletion/modification, account disabling, and account locking for third parties.

Risk Assessment

RA-5 – Vulnerability Scanning

The organization:

  • Scans for vulnerabilities in the information system and hosted applications and when new vulnerabilities potentially affecting the system/applications are identified and reported.
  • Analyzes vulnerability scan reports and results from security control assessments.

Logcollect provides support for NIST 800-53 control requirement RA-5 by collecting vulnerability detection log messages. Logcollect provides alerting on high-risk vulnerabilities. Logcollect investigations, reports, and details provide evidence of security vulnerabilities from vulnerability detection systems.

System and Communications Protection

SC-5 – Denial of Service Protection

The information system protects against or limits the effects of the following types of denial of service attacks (organization-defined list of types of denial of service attacks or reference to source for current list).

Logcollect provides support for NIST 800-53 control requirement SC-5 by providing central collection and monitoring of security log messages. Logcollect provides alerting on security events such as any out-of-the-ordinary behavior in the environment. Logcollect investigations, reports, and details provide evidence of security events.

SC-7 – Boundary Protection

The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system.

Logcollect can collect boundary device logs from routers, firewalls, VPN servers, etc. Logcollect can alert on unauthorized or suspicious activity. Logcollect reports provide a consolidated review of internal/external boundary activity and threats.

SC-15 – Collaborative Protection

The information system prohibits remote activation of collaborative computing mechanisms and provides an explicit indication of use to the local users.

Logcollect can identify, report, and/or alert on the initiation of specific collaborative computing activity.

SC-18 – Mobile Code

The organization:

  • Establishes usage restrictions and implementation guidance for mobile code technologies based on the potential to cause damage to the information system if used maliciously.
  • Authorizes, monitors, and controls the use of mobile code within the information system.

Logcollect can identify, report, and/or alert on specific mobile code activity.

SC-19 – Voice over Internet Protocol

The organization:

  • Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously.
  • Authorizes, monitors, and controls the use of VoIP within the information system.

Logcollect can identify, report, and/or alert on specific VoIP activity.

SC-28 – Protection of Information at Rest

The information system protects the confidentiality and integrity of information at rest.

Logcollect provides supplemental support for NIST 800-53 control requirement SC-28 by providing details of changes to information at rest. Logcollect can be configured to monitor system file or directory activity, including deletions, modifications, and permission changes.

System and Information Integrity

SI-2 – Flaw Remediation

The organization identifies, reports, and corrects information system flaws.

Logcollect provides support for NIST 800-53 control requirement SI-2 by collecting and analyzing all error logs. Logcollect provides alerting on critical errors caused by flaws. Logcollect investigations, reports, and details provide evidence of critical errors, process shutdowns, and system shutdowns caused by system flaws.

SI-3 – Malicious Code Protection

The organization:

  • Employs malicious code protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code:
    – Transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means; or
    – Inserted through the exploitation of information system vulnerabilities;
  • Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;
  • Configures malicious code protection mechanisms to:
    – Perform periodic scans of the information system and real-time scans of files from external sources as the files are downloaded, opened, or executed in accordance with organizational security policy
    – Block malicious code; quarantine malicious code; send alert to administrator in response to malicious code detection

Logcollect provides support for NIST 800-53 control requirement SI-3 by collecting log messages from antivirus software and other anti-malware tools. Logcollect provides alerting on antivirus critical/error conditions, malware infections, and signature update failures. Logcollect investigations, reports, and details provide evidence of antivirus activity, malware infections, and signature update failures/successes. Logcollect independently monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running. It also monitors and logs the transmission of files to an external storage device. It can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

SI-4 – Information System Monitoring

Information system monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, audit record monitoring software, network monitoring software).

Monitoring devices are strategically deployed within the information system to collect essential information. Monitoring devices are also deployed at ad hoc locations within the system to track specific transactions. Additionally, these devices are used to track the impact of security changes to the information system.

Logcollect can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Logcollect provides central analysis and monitoring of intrusion-related activity across the IT infrastructure. Logcollect can correlate activity across user, origin host, impacted host, application, and more. Logcollect can be configured to identify known bad hosts and networks. Logcollect’s Personal Dashboard provides customized real-time monitoring of events and alerts. Logcollect’s Investigator provides deep forensic analysis of intrusion-related activity. Logcollect’s integrated knowledge base provides information and references useful in responding to and resolving intrusions.

SI-5 – Security Alerts and Advisories

The organization receives information system security alerts/advisories on a regular basis, issues alerts/advisories to appropriate personnel, and takes appropriate actions in response.

Logcollect can alert on specific intrusion-related activity. Users can be notified based on department or role. Logcollect’s integrated knowledge base provides information and references useful in responding to and resolving intrusions.

SI-7 – Software and Information Integrity

The information system detects and protects against unauthorized changes to software and information.

Logcollect monitoring capability can be used to detect the following changes to the file system:

  • Additions
  • Deletions
  • Modifications
  • Permissions

This capability can be used to detect unauthorized changes to software and information.
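The four file-system change types listed under CM-4 and again under SI-7, as an added example that is not Logcollect code: a baseline snapshot of a directory (SHA-256 digest and permission bits per regular file) is diffed against a later snapshot and each difference is classified as an addition, deletion, modification, or permission change. The scratch directory and its files are constructed inside the demo.

```python
"""Baseline-and-diff file change detection (CM-4 / SI-7 style).

Added example, not Logcollect code. snapshot() records a digest and the
permission bits of every regular file under a root; diff_snapshots()
classifies differences into the four change types the page lists.
"""
import hashlib
import os
import stat
import tempfile

CHANGE_TYPES = ("additions", "deletions", "modifications", "permissions")


def snapshot(root):
    """Map relative POSIX-style path -> (sha256 hex digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                       # skip symlinks, sockets, devices
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return state


def diff_snapshots(baseline, current):
    """Classify every difference between two snapshots; a file may appear in both
    'modifications' and 'permissions' if content and mode changed together."""
    changes = {t: [] for t in CHANGE_TYPES}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            changes["additions"].append(rel)
        elif rel not in current:
            changes["deletions"].append(rel)
        else:
            old_hash, old_mode = baseline[rel]
            new_hash, new_mode = current[rel]
            if old_hash != new_hash:
                changes["modifications"].append(rel)
            if old_mode != new_mode:
                changes["permissions"].append(rel)
    return changes


def demo():
    """Construct a scratch tree, baseline it, apply one change of each type, diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        cfg = os.path.join(root, "etc", "app.conf")
        tmp = os.path.join(root, "etc", "old.tmp")
        script = os.path.join(root, "run.sh")
        for path, data in ((cfg, b"debug=false\n"), (tmp, b"x"), (script, b"#!/bin/sh\n")):
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)
        base = snapshot(root)

        with open(cfg, "wb") as fh:                       # modification
            fh.write(b"debug=true\n")
        os.remove(tmp)                                    # deletion
        with open(os.path.join(root, "etc", "new.conf"), "wb") as fh:
            fh.write(b"k=v\n")                            # addition
        os.chmod(script, 0o444)                           # permission change only
        return diff_snapshots(base, snapshot(root))


if __name__ == "__main__":
    for change_type, paths in demo().items():
        print(f"{change_type}: {paths}")
```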

SI-8 – Spam Protection

The organization employs spam protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and take action on unsolicited messages transported by electronic mail, electronic mail attachments, web accesses, or other common means.

Logcollect provides support for NIST 800-53 control requirement SI-8 by collecting and analyzing spam protection logs. Logcollect investigations, reports, and details provide evidence of spam protection activity.

SI-11 – Error Handling

The information system identifies potentially security-relevant error conditions.

Logcollect provides support for NIST 800-53 control requirement SI-11 by collecting and analyzing all error logs. Logcollect provides alerting on security-related critical errors. Logcollect investigations, reports, and details provide evidence of security-related errors, process shutdowns, and system shutdowns.