Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds

RMF, DISA STIGS, AND NIST
FISMA COMPLIANCE USING
SOLARWINDS®
Sean Martinez, Senior Federal Sales Engineer
sean.martinez@solarwinds.com
512-682-9554 (office)
Omar Rafik, Senior Federal Sales Engineer
omar.rafik@solarwinds.com
703-386-2626 (office)

AGENDA
• SolarWinds Overview
• Compliance and SolarWinds Solution Overviews
• FISMA Security Controls and Compliance Review
• SolarWinds Compliance Product Demonstrations
• Questions and Answers
2
The power to manage IT
© 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

SOLARWINDS OVERVIEW
• Over 150,000 customers in 170 countries;
SMB to Fortune 500®
• More than 425 of the Fortune 500 are
customers
• Every branch of DOD and virtually every
Civilian and Intelligence agency
• Forbes® named SolarWinds #11 on its list
of America's Best Small Companies in
2014
• Headquarters in Austin, TX
• Federal Office in Herndon, VA
• 1800+ employees worldwide
3
The power to manage IT
User
Experience

Product Mission: Enable IT & DevOps pros to proactively and reactively monitor, alert, troubleshoot and
resolve issues quickly
Product Principles: Fast, Easy and Affordable
WHAT WE OFFER TODAY
Building towards our future
Network
Management
Performance
Configuration
IP Address
VoIP
Systems and
App Management
Servers & Apps
Virtualization
Storage
Database
Management
Database
Performance
Tools
Remote
Troubleshooting
Web Help Desk®
Topology
Mapping
Security
Management
Log & Event
Patch
Configuration
• MySQL®
• Oracle®
• SQL Server®
• DB2®
• SAP® ASE
Device Tracking Secure File
Transfer
Web
Performance
4© 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

COMPLIANCE AND SOLARWINDS
SOLUTION OVERVIEWS
5

• The implementation of National Institute of Standards and Technology (NIST) Federal Information
Security Management Act (FISMA) is designed to protect the nation’s critical infrastructure
o Provides standards for categorizing IT systems by mission impact (FIPS 199)
o Establishes minimum security standards for data and IT systems (FIPS 200)
o Establishes baseline security controls and provides guidance for selecting, implementing, and assessing
security controls and assuring their effectiveness (SP 800-53)
• The Risk Management Framework (RMF) provides a framework that combines IT security and risk
management into the systems development lifecycle (SP 800-37)
o DOD has adopted the 6-step RMF to transform the traditional C&A process
o Categorize your IT assets and identify critical infrastructure
o Implement security controls and assess that they are implemented correctly
o Operate assets and monitor effectiveness and vulnerabilities of security controls
COMPLIANCE OVERVIEW
6

• DOD mandates usage of Security Technical Implementation Guides (STIGS) to standardize secure
infrastructure installation and maintenance; these guides were developed by DISA to reduce
vulnerability
o Create an inventory of all systems and software in order to determine which STIGS to apply
o Monitor configurations and produce compliance reports
o Manage configurations to achieve and maintain compliance
• And, let’s not forget about dreaded AUDITS, including DISA Command Cyber Readiness Inspections
(CCRI), and OMB/GAO audits
o Preparing for an audit requires considerable documentation and compliance reporting
o Audits require detailed knowledge of networked hardware and applications, including asset inventories,
locations, configurations, access privileges, and vulnerabilities
o Which systems are being attacked, and are any still compromised?
o IT Pros need to be able to quickly respond to auditor inquiries and provide accurate details
COMPLIANCE OVERVIEW (CONT’D)
7

SOLARWINDS COMPLIANCE AND SECURITY SOFTWARE OVERVIEW
Monitor security and compliance of your IT infrastructure
• Real-time security information and event
management (SIEM) software
• Centralized patch management for
Windows® desktops, laptops, and servers
• Centralized network device change and
configuration management
• Automated device tracking and switch port
management
• Centrally manage IP infrastructure and
isolate users/devices from the network
• Secure file transfer and file sharing
Log & Event
Manager
Patch
Manager
Serv-U®
Secure File
Transfer
Network
Configuration
Manager
IP Address
Manager
8© 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
User Device
Tracker
More information- http://www.solarwinds.com/federal_government/solution/cyber-security.aspx

SOLARWINDS COMPLIANCE FEATURES
9
• Automate patching of Microsoft® and 3rd party
applications to improve compliance
• Schedule patches for minimum downtime
• Inventory software and physical components per
server or workstation
Patch Manager
• Inventory network device configurations, assess
configurations for compliance, and automate
change and configuration management
• Implement configuration of security controls and
assure their effectiveness
• Produce FISMA and STIGS reports from
configuration templates
• Produce audit documentation and reports
Network Configuration Manager
• Configure correlation rules to help assure
effectiveness of security controls
• Real-time and continuous monitoring of security
controls
• Produce FISMA and STIGS compliance reports from
templates
• Supports STIG requirements for configuration
auditing, log analysis and broader network security
• Tracks and report suspicious activities/attacks to
provide auditing support
Log & Event Manager
• Trend utilization for capacity planning
• Track multicast or firewall port discards
• Monitor network health and availability
• Identify protocol latency delays
• Produce audit documentation and reports
Network Performance Monitor

FISMA SECURITY CONTROLS
AND COMPLIANCE REVIEW
10

• Access Controls
o Most of these controls will be implemented at the policy or device level
o Log & Event Manager (LEM) can help audit and monitor for potential changes, for example
• LEM can assist with AU2(12): “Atypical Usage” by looking for logon activity or patterns that are
outside your environment norms
• LEM can help satisfy AU-2(2): Automated Auditing for creation, modification, enabling, disabling,
and removal
o Network Configuration Manager (NCM) can help you monitor/manage configurations, real-time
changes, or identify violations when it comes to network systems
• Audit and Accountability
o LEM can help satisfy some controls directly, for example
• AU-5: Audit Processing Failures- LEM generates events when there are processing failures
• AU-8: Time Stamps- LEM satisfies this control and also uses timestamps provided by log sources
o NCM tracks who requested the configuration change, or who made the change directly
FISMA SECURITY CONTROLS WHERE WE CAN HELP
11

• Configuration Management
o NCM can satisfy some controls directly, and includes prebuilt templates for compliance with
configuration policies for network devices
o Patch Manager (Patch) and LEM can also help in a few key areas
• Incident Response
o LEM provides some help when it comes to incident generation and investigation
o Users can also leverage active response to provide in-the-moment capabilities to deal with
incidents as they occur, such as
• IR-4: Incident Handling- LEM can support this, including IR-4(4) information correlation, IR-4(5)
automatic disabling of information system, and IR-4(9) dynamic response capability.
• IR-5: Incident Monitoring- LEM can generate incidents from correlated activities, and this
information can be tracked and stored
o NCM utilizes real-time configuration checking to auto download/notify when there have been
changes to device configurations
FISMA SECURITY CONTROLS WHERE WE CAN HELP (CONT’D)
12

• System Maintenance
o LEM can help alert when logs don't seem to be according to expected maintenance policies
o When it comes to network devices, NCM helps with controlling and managing configuration
approvals, and keeping a history of past configurations, noting when the change occurred
• Media Protection
o LEM's USB-Defender® feature can help with automated controls of removable devices
• Security Planning
o LEM can be used to centrally manage auditing and monitoring, and supports defense-in-depth
techniques
o NCM Approval allows an approval authority before making changes affecting the network
13

• Personnel Security
o A lot of this control area is external and policy-related, but LEM can be used to ensure what
should happen actually did (i.e. trust, but verify)
• Risk Assessment
o LEM and Patch both help with vulnerability scanning
o Patch can notify or auto update missing patches on affected systems
• System and Communication Protection
o Many of our solutions help detect Denial of Service attacks
o We also offer tools to support boundary protection and VoIP
• System and Information Integrity
o There are a good number of areas where LEM helps with this control specific to auditing (aside
from the normal steps for compliance)
o There are also a couple of other smaller areas of note
14

• DISA STIG and NIST FISMA reports ship with NCM to help IT Pros improve compliance
• LEM has a range of features to support STIG compliance
o Supports DISA STIG compliance via our real-time monitoring of related events across systems,
network devices, applications, and security tools
o Supports configuration auditing, including logs of relevant STIG best practices, configuration
changes, installation of unapproved software, and more
o Many of LEM’s out of the box rules can be used to address STIGS
o LEM also includes STIG and FISMA compliance reports
DISA STIG COMPLIANCE AND WHERE WE CAN HELP
15

• Review our NIST FISMA/RMF compliance blog:
https://thwack.solarwinds.com/community/solarwinds-community/product-
blog/blog/2015/08/01/fisma-nist-800-53-compliance-with-solarwinds-products
• Review our DISA STIGS compliance blog: https://thwack.solarwinds.com/community/solarwinds-
community/product-blog/blog/2011/09/07/disa-stig-compliance-with-log-event-manager
• Watch a Federal Security Compliance video:
http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
• Download a SIEM whitepaper:
http://www.solarwinds.com/resources/whitepaper/siem-speeds-time-to-resolution.html
• Download a Continuous Monitoring whitepaper:
http://go.solarwinds.com/fedcyberWP?=70150000000Plgf
16
COMPLIANCE RESOURCES
Let us know how we can help you

SOLARWINDS COMPLIANCE
PRODUCT DEMONSTRATIONS
17

Contact Us:
SolarWinds
Call: 877-946-3751
Email: federalsales@solarwinds.com
Q & A
18

• Watch short demo videos: http://demo.solarwinds.com/sedemo/
• Download a free trial: http://www.solarwinds.com/downloads/
• Visit our Federal website: http://www.solarwinds.com/federal
• Call the SolarWinds Federal sales team: 877-946-3751
• Email federal sales: federalsales@solarwinds.com
• Visit our THWACK® government group: http://thwack.com/government
• Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
19
ADDITIONAL RESOURCES
Let us know how we can help you

The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide,
LLC, and its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or
pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be
common law marks, registered or pending registration in the United States or in other countries. All other
trademarks mentioned herein are used for identification purposes only and may be or are trademarks or
registered trademarks of their respective companies.

Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (15)

Similar to Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds

Similar to Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds (20)

More from SolarWinds

More from SolarWinds (20)

Recently uploaded

Recently uploaded (20)

Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds

Editor's Notes