NIST 800-53 Compliance Solutions

National Institute of Standards and Technology (NIST 800-53) Compliance

The NIST Special Publication 800-53 provides organizations with a set of security controls “necessary to fundamentally strengthen their information systems and the environments in which those systems operate” and guidance on what controls to implement. 

How EiQ Helps

By providing 24/7/365 security monitoring and auditing, EiQ’s SOCVue Security Monitoring service helps organizations address the NIST 800-53 security controls shown below, including Audit and Accountability (AU), Incident Response (IR), and System and Information Integrity (SI).

In addition, EiQ offers the SOCVue Vulnerability Management service, which provides vulnerability detection and remediation guidance designed to help address NIST controls for Vulnerability Scanning (RA-5).

Key NIST 800-53 Requirements Addressed by SOCVue Security Monitoring

| Requirement | Description | How SOCVue Addresses |
|---|---|---|
| AC-2 | Automated Audit Actions | SOCVue provides automated notifications to administrators upon the creation, modification, enabling, disabling, or removal of accounts. |
| AC-2 | Account Monitoring/Atypical Usage | SOCVue provides reports on atypical usage of information system accounts to organization-defined personnel or roles. |
| AC-7 | Unsuccessful Logon Attempts | SOCVue provides monitoring and alerting of unsuccessful logon attempts throughout the environment. |
| AU-2 | Audit Events – Reviews and Updates | SOCVue log retention allows administrators to easily audit events. |
| AU-3 | Content of Audit Records | SOCVue includes the collection of audit event data from a wide variety of networked devices. Data in audit events includes, but is not limited to: event type, time of event, location of event, source of event, outcome of event, and identity of individuals associated with the event. |
| AU-4 | Audit Storage Capacity | SOCVue log retention has built-in compression, minimizing the amount of storage required to retain audit events. |
| AU-5 | Response to Audit Processing Failures | SOCVue delivers administrative alerts that provide automated notifications in the event of an audit processing failure, including alerts when the allocated audit record storage volume reaches an organization-defined percentage of the repository's maximum audit record storage capacity. |
| AU-6 | Audit Review Analysis and Reporting | SOCVue provides an automated way to conduct audit event review, analysis, and reporting. |
| AU-6 | Correlate Audit Responses | SOCVue allows the correlation of audit event data across multiple data silos to help identify suspicious activity and provide greater situational awareness. |
| AU-6 | Central Review and Analysis | SOCVue provides a central repository for the review of all audit event data across the enterprise. |
| AU-6 | Integration/Scanning and Monitoring Capabilities | SOCVue supports integration with various enterprise capabilities such as vulnerability scanners for correlation against audit event data to further enhance the ability to identify inappropriate or unusual activity. |
| AU-7 | Audit Reduction and Report Generation | SOCVue provides on-demand audit review conducted by the EiQ SOC team. EiQ security analysts can search through millions of events and provide reports to ease after-the-fact investigations of security incidents. |
| AU-9 | Protection of Audit Information | EiQ protects audit events against unauthorized access, modification, and deletion by utilizing AES encryption in back-end data stores and ensuring that data cannot be accessed by unauthorized individuals. |
| AU-11 | Audit Record Retention | SOCVue can utilize cloud storage, local storage, network attached storage, or storage area networks to meet data retention requirements. |
| AU-12 | Audit Generation | SOCVue includes audit report generation as needed, with the help of EiQ’s SOC team. |
| IR-4 | Incident Handling | SOCVue will assist in the detection of security incidents and automate creation of tickets based upon a series of detected events. |
| IR-5 | Incident Monitoring | SOCVue Portal provides a workflow to assist in tracking and documenting security incidents. |
| IR-6 | Incident Reporting | SOCVue provides automated mechanisms to assist in the reporting of security incidents. |
| SI-4 | Information System Monitoring | SOCVue will help with the detection of attack indicators and correlate information from various detection sources, providing greater situational awareness. |
