SECURITY SECURITY

Introducing the Free Campus Compliance Toolkit for NIST 800-171

With the December 31st deadline for DOD research grants rapidly approaching, campuses across the country are diving into discussions around NIST 800-171 compliance. We at Splunk are committed in our mission to help higher education customers leverage the power of machine data to address challenges ranging from student retention to compliance.

For those of you who joined us in our booth at EDUCAUSE 2017, you saw how Splunk can help universities with achieving and evidencing NIST 800-171 compliance.  

What is NIST 800-171?

Just because certain government data isn’t classified doesn’t mean that it should be stolen in a cyberattack. In June 2015, the National Institute of Standards & Technology released NIST 800-171 which, simply put, is a minimum standard of care required of certain government data when that data is entrusted to someone outside of the government. An increasing number of government agencies are leveraging standards like NIST 800-171 to ensure the protection of data when shared with third parties.

The Department of Defense is the first to adopt NIST 800-171 widespread with the first deadline rapidly approaching December 31st. However, many government agencies are not far behind. The Department of Education strongly recommends that universities review the NIST 800-171 controls when considering their Title IV obligation to safeguard student information. Splunk can help with achieving and evidencing certain NIST 800-171 controls. For more information on NIST 800-171, check out our whitepaper "Driving Institutional Research Excellence With NIST 800-171 Compliance."

About the Campus Compliance Toolkit for NIST 800-171

Many universities are already turning to Splunk to meet the log collection requirements specified in NIST 800-171. Yet, we are always on a quest to ensure our customers can derive the maximum value out of their data. Rather than using Splunk only to satisfy the log collection requirement, we are committed to helping customers leverage the power of machine data to meet additional requirements and simplify the compliance process. Splunk’s Higher Education team has partnered with Blackwood Associates, Inc (BAI) to develop the Campus Compliance Toolkit for NIST 800-171, which will be released next week after our December 7th webinar.

The Campus Compliance Toolkit for NIST 800-171 is an extensible collection of tools built for universities grappling with these compliance requirements.

The Toolkit includes pre-built dashboards and searches that can help a university get started with evidencing and/or achieving compliance for the following controls:

Control

3.1.1

Brief Description

Limit system access to authorized users

3.1.6

Use of non-privileged accounts

3.1.7

Prevention of privileged functions

3.1.8

Unsuccessful logon attempts

3.1.12

Monitor remote access

3.1.20

Use of external systems

3.1.21

Portable storage

3.3.1

Create protect and retain audit records

3.3.2

User action audit

3.3.3

Audit event reviews

3.3.4

Audit failure alerts

3.3.5

Audit event monitoring

3.3.6

On-demand audit analysis and reporting

3.3.7

Time synchronization

3.3.8

Protect audit information and tools

3.3.9

Limit audit management users

3.4.6

Least functionality

3.4.7

Nonessential functions ports protocols and services

3.4.8

Default deny

3.4.9

Control and monitor user installed software.

3.5.6

Identifier inactivity

3.8.7

Removable media

3.11.2

Vulnerability scanning

3.11.3

Vulnerability remediation

3.12.3

Control effectiveness

3.13.1

Boundary protection

3.13.13

Mobile code

3.14.1

Flaw handling

3.14.3

Alert monitoring

3.14.4

Protection updates

3.14.5

File and malware scanning

3.14.6

Traffic monitoring

3.14.7

Unauthorized use

 

The Toolkit can also help with:

  • Defining white and black lists for software, processes, and port usage and monitoring for deviations

  • Identifying and alerting on audit process failures

  • Proving that controls are reviewed for compliance on a regular basis

The Toolkit is extensible and allows you expand to additional controls either on your own or with the help from our services team.

Best of all, the Toolkit will be available for free to new and existing Splunk customers!

Learn More

Looking for more information, join us on our webinar on December 7th for our announcement of the app and NIST 800-171 solution offerings.

Craig Vincent
Posted by Craig Vincent

Craig Vincent is a solution engineer and regional security subject matter expert at Splunk. Since joining Splunk in 2015, Craig has supported customers in higher education, healthcare, and state and local government and currently leads Splunk’s Campus Compliance Initiatives for NIST 800-171. Prior to Splunk, Craig worked at Mandiant, acquired by FireEye, Inc., and the National Cable & Telecommunications Association. Based in the DC area, Craig holds a BSE degree in electrical and computer engineering from Duke University.

Join the Discussion