Supporting Contractors with NIST SP 800-171 Compliance

Supporting Contractors with
NIST SP 800-171 Compliance
Federal Webinar
June 20, 2017

• Carlos Ortiz, Federal Account Executive
carlos.ortiz@solarwinds.com
703.386.2613 (office)
• Jamie Hynds, Senior Product Manager
jamie.hynds@solarwinds.com
512.498.6272 (office)
SolarWinds Introductions
© 2017 SolarWinds Worldwide, LLC. All Rights Reserved.

Agenda
• SolarWinds Overview
• Compliance and SolarWinds® Solution Overviews
• 800-171 Security Controls and Compliance Review
• Security and Compliance Product Demonstrations
• Questions and Answers

SolarWinds Overview
• Over 250,000 customers in 170 countries; SMB to
Fortune 500®
• More than 425 of the Fortune 500 are customers
• Every branch of DOD and virtually every civilian
and intelligence agency
• Recognized as the global market share leader in
Network Management Software in the IDC
Worldwide Semi-Annual Software Tracker 1H 2016
• Headquarters in Austin, TX
• Federal Office in Herndon, VA
• 2,200+ employees worldwide
User
Experience

Market Leader in Network Management Software
SolarWinds leads in market share in 1H 2016 IDC Worldwide Semi-Annual Software Tracker

Our Vision
Manage all things in a hybrid world
• Regardless of where the
applications and underlying
infrastructure are deployed
• Regardless of where our
management products
need to be deployed
• While continuing to take a
user-centric approach –
only buy what you need,
when you need it
Manage All Things IT

Security
Management
Log & Event
Patch
Product Mission: Enable IT & DevOps pros to
proactively and reactively monitor, alert,
troubleshoot and resolve infrastructure issues
What We Offer Today
Building towards our future
Network
Management
Performance
Configuration
IP Address
VoIP
Systems and
App Management
Servers & Apps
Virtualization
Storage
Database
Management
Database
Performance
Tools
Remote
Troubleshooting
Web Help Desk®
Topology
Mapping
Configuration
• MySQL®
• Oracle®
• SQL Server®
• DB2®
• SAP® ASE
Device Tracking Secure File
Transfer
Web
Performance
Product Principles: Fast (accessible
immediately), Easy (best in class UX) and
Affordable (starting price for agencies of all sizes)

How We Deliver Our Vision
SolarWinds Orion Platform

SolarWinds Federal Partial Systems Integrator Client List
• Accenture Federal Services
• AIRINC
• AT&T
• BAE Systems
• Bechtel
• Boeing
• Booz Allen Hamilton
• CACI International
• CGI Federal
• Computer Science Corporation (CSC)
• CSRA
• DXC (HPE)
• DynCorp International
• Engility
• General Dynamics
• Harris
• IBM Federal
• Jacobs Federal
• L-3 Technologies
• Leidos
• Lockheed Martin
• ManTech International
• MITRE
• Northrop Grumman
• Raytheon
• SAIC
• Serco
• Verizon Federal
• World Wide Technology

Compliance and SolarWinds
Solution Overviews

Compliance Overview
• Designed to protect the nation’s critical infrastructure
• Standardization for categorizing IT systems by mission impact (FIPS 199)
• Security standards for data and IT systems (FIPS 200)
• Establishes baseline security controls and provides general guidance (SP 800-53)
• Requires protection of sensitive data on contractor information systems (SP 800-171)
Federal Information Security Management Act (FISMA) NIST: FISMA Background
• Risk Management Framework (RMF) supports the implementation of FISMA, is
mandatory for federal agencies, and has been widely adopted by the DOD (SP 800-37)
• The Framework for Improving Critical Infrastructure Cybersecurity (aka the Cybersecurity
Framework or NIST CSF) was developed, enhanced, and recently mandated for executive
departments and agencies by Presidential Executive Orders
Risk Management and Cybersecurity Frameworks

Compliance Overview (cont’d)
• Technical guidelines for infrastructure installation and maintenance developed by DISA
to reduce vulnerability
• Create an inventory of all systems and software to determine which DISA STIGs to apply
• Monitor configurations and produce compliance reports
• Manage configurations to achieve and maintain compliance
Security Technical Implementation Guides (STIGs)
• Preparing for an audit requires considerable documentation and reporting
• Audits require detailed knowledge of networked hardware and applications
(including asset inventories, locations, configurations, access privileges, and vulnerabilities)
• Which systems are being attacked, and are any still compromised?
• Staff need to respond quickly to auditor inquiries and provide accurate details
Compliance Audits

SolarWinds Security
Products overview
A SIEM that makes it easy to use
logs for security, compliance,
and troubleshooting
Log & Event Manager
Automated patching of
Microsoft® servers and third-
party applications
Patch Manager
Eliminate IP conflicts and save
time managing DHCP, DNS and IP
addresses
IP Address Manager
Automated device detection, tracking
and switch port management
User Device Tracker
Easy to use and secure file
transfer management
Serv-U® Secure File Transfer
Automated network
configuration and change
management software
Network Configuration Manager

SolarWinds Compliance Features
• Inventory network device configurations, assess configurations for
compliance, and automate change and configuration management
• Implement configuration of security controls and help assure effectiveness
• Produce FISMA and DISA STIGs reports from configuration templates
• Produce audit documentation and reports
Network Configuration Manager
• Configure correlation rules to help assure effectiveness of security controls
• Real-time and continuous monitoring of security controls
• Produce FISMA and DISA STIGs compliance reports from templates
• Supports DISA STIGs requirements for configuration auditing, log analysis,
and broader network security
• Tracks and report suspicious activities/attacks to provide auditing support
Log & Event Manager

SolarWinds Compliance Features
• Trend utilization for capacity planning
• Monitor network health and availability
• Identify protocol latency delays
• Produce audit documentation and reports
Network Performance Monitor
• Automate patching of Microsoft and third-party applications to help
improve compliance
• Schedule patches for minimum downtime
• Inventory software and physical components per server or workstation
Patch Manager

800-171 Security Controls and
Compliance Review

• Log & Event Manager (LEM) can help audit and monitor for potential changes—for example:
• 3.1.5: LEM can assist with auditing deviations from least privilege (real-time or via reports) and by
monitoring Active Directory® for unexpected privileges being assigned to a user
• 3.1.6: LEM monitors and audits privileged account usage for non-security functions
• 3.1.7: LEM audits the use of privileged functions in real-time or via reports
• 3.1.7: Network Configuration Manager (NCM) change approval features help ensure that
non-privileged users cannot use NCM to execute privileged functions without approval
• 3.1.8: LEM reports on unsuccessful logon attempts, as well as automatically locking user
accounts via the Active Response feature
• 3.1.12: LEM monitors and reports on remote logons; correlation rules can be configured to
alert and respond to unexpected remote access (e.g., after hours);
NCM audits how remote access is configured on your network devices, identifying
configuration violations, and remediating them
• 3.1.21: LEM can audit and restrict usage of portable storage devices with USB Defender®
Supporting 800-171 Security Compliance
Access Controls (3.1)

• LEM can help satisfy some controls directly—for example:
• 3.3.3: LEM helps with the review of audited events
• 3.3.4: LEM can generate alerts when agents go offline, the log storage database is low on
space, or when audit logs are cleared
• 3.3.5: LEM’s correlation engine and reporting assist with audit log reviews and help ensure that
administrators are alerted to indications of inappropriate, suspicious, or unusual activity
• 3.3.6: LEM analyzes event logs and generates scheduled or on-demand analysis reports
• 3.3.7: LEM helps synchronize system clocks through NTP server synchronization
• 3.3.8: LEM protects audit information and audit tools from unauthorized access and modification
• 3.3.9: LEM provides role-based access control, which limits access and functionality to a subset
of privileged users
Supporting 800-171 Security Compliance (cont’d)
Audit and Accountability (3.3)

• Configuration Management (3.4)
• 3.4.3: NCM’s real-time change detection, change approval management and tracking reports
can be used to detect, validate, and document changes to network devices;
LEM can monitor and audit changes to information systems
• 3.4.8: LEM can monitor for the use of unauthorized software, and can be configured to
automatically kill programs and services
• 3.4.9: LEM can audit and alert on software installations; Patch Manager (Patch) can inventory
machines and report on the software and patches installed
• Incident Response (3.6)
• LEM can help when it comes to incident generation, investigation, response, and reporting
• Maintenance (3.7)
• 3.7.6: LEM can report and audit the activities performed by maintenance personnel
• When it comes to network devices, NCM helps with controlling and managing configuration
approvals, and keeps a history of past configurations, noting when the change occurred

• Media Protection (3.8)
• 3.8.7: LEM's USB Defender feature can help with automated controls of removable devices
• Personnel Security (3.9)
• 3.9.2: LEM can audit usage of credentials of terminated personnel, validate that accounts are
disabled in a timely manner, and validate group/permission changes after a transfer
• Risk Assessment (3.11)
• 3.11.2: Patch can identify missing application patches on your Windows® machines;
NCM identifies risks to network security based on device configuration and leverages NIST
NVD to identify emerging threats in Cisco® ASA and IOS® devices
• 3.11.3: Patch can remediate software vulnerabilities on Windows machines via Microsoft and
third-party updates

• Security Assessment (3.12)
• 3.12.3: LEM can monitor event logs relating to information system security and perform
correlation, alerting, reporting, and more
• SolarWinds also has several other modules that support monitoring the health and
performance of your information systems and networks
• System and Communication Protection (3.13)
• 3.13.6: LEM can validate that traffic is being appropriated denied/permitted;
NPM and NTA can also be used to monitor traffic
NCM can provide reports to help with compliance and helps configure devices to policy
• 3.13.14: NPM, NTA and SolarWinds VoIP & Network Quality Manager can be used to monitor
VoIP traffic and ports
• System and Information Integrity (3.14)
• 3.14.4: Patch provides the ability to patch and update your systems
• 3.14.6: LEM can monitor inbound/outbound traffic, although NPM/NTA could be used to
detect unusual traffic patterns

• DISA STIGs and NIST FISMA reports ship with NCM to help IT pros improve compliance
• LEM has a range of features to support DISA STIGs compliance
• Supports DISA STIGs compliance via our real-time monitoring of related events across
systems, network devices, applications, and security tools
• Supports configuration auditing, including logs of relevant STIGs best practices, configuration
changes, installation of unapproved software, and more
• Many of LEM’s out-of-the-box rules can be used to address STIGSs
• LEM also includes DISA STIGs and FISMA compliance reports
DISA STIGs Compliance and Where We Can Help

Security and Compliance
Product Demonstrations

• Review a blog on how SolarWinds software can help with NIST 800-171 compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-
blog/blog/2017/06/07/nist-sp-800-171-compliance-with-solarwinds-products
• Review a blog on how SolarWinds software can help with NIST FISMA/RMF compliance:
blog/blog/2015/08/01/fisma-nist-800-53-compliance-with-solarwinds-products
• Review a blog on how SolarWinds software can help with DISA STIGS compliance:
blog/blog/2011/09/07/disa-stig-compliance-with-log-event-manager
• Watch a federal security compliance video:
http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
• Download a SIEM white paper:
http://www.solarwinds.com/resources/whitepaper/siem-speeds-time-to-resolution.html
• Download a continuous monitoring white paper:
http://go.solarwinds.com/fedcyberWP?=70150000000Plgf
Compliance Resources

Thank You
Questions?
Contact Us:
SolarWinds Federal
Call– 877.946.3751
Email– federalsales@solarwinds.com

• Watch short demo videos: http://demo.solarwinds.com/sedemo/
• Download a free trial: http://www.solarwinds.com/downloads/
• Visit our Federal website: http://www.solarwinds.com/federal
• Call the SolarWinds Federal sales team: 877.946.3751
• Email federal sales: federalsales@solarwinds.com
• Visit our Success Center: https://support.solarwinds.com/Success_Center
• Visit our THWACK® government group: http://thwack.com/federal-and-government
• Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
Additional Resources
Let us know how we can help you
© 2017 SolarWinds Worldwide, LLC. All rights reserved. 26

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the
exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered
with the U.S. Patent and Trademark Office, and may be registered or pending
registration in other countries. All other SolarWinds trademarks, service marks,
and logos may be common law marks or are registered or pending
registration. All other trademarks mentioned herein are used for identification
purposes only and are trademarks of (and may be registered trademarks) of their
respective companies.
Trademark Notice

Supporting Contractors with NIST SP 800-171 Compliance

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Supporting Contractors with NIST SP 800-171 Compliance

Similar to Supporting Contractors with NIST SP 800-171 Compliance (20)

More from SolarWinds

More from SolarWinds (20)

Recently uploaded

Recently uploaded (20)

Supporting Contractors with NIST SP 800-171 Compliance

Editor's Notes