Software Engineering Institute

Traditional approaches to risk and compliance management rely primarily on interviews, manual data collection, and static snapshots of evidence. This labor-intensive process results in a disjointed and out-of-date picture of an organization’s risk and compliance posture with little actual security value. Applying Big Data technologies takes a data-driven approach to automate this process based on real-time events collected from the IT assets of the enterprise. This presents a more cohesive and up-to-date picture that can provide real security value. In this presentation, we will discuss and demonstrate our solution built on the Splunk Big Data platform with analytics for monitoring and assessing the NIST 800-53 Rev 4 security controls and an integrated workflow based on the NIST Risk Management Framework (RMF). Our solution integrates with any cyber security tool, application, device, or platform from on-premises or in the cloud to provide a real-time, single source of truth about an organization’s actual security state. We will discuss how this solution augments traditional assessment methodologies with real-time technical data to provide a more accurate, up-to-date understanding of security control effectiveness. We will present the architecture of our solution, describe the typical data sources needed to cover the security domains in NIST 800-53, highlight the key challenges in implementing such a solution, tell how we addressed them, and demonstrate how our solution realizes the objective of Ongoing Assessment and Authorization described in the NIST Risk Management Framework.