OMB M-21-31 Compliance Made Easy With Splunk CES

Software supply chain attacks are increasingly complex and damaging — underscoring the importance of increased government visibility throughout a cybersecurity incident. Over the last two years, the U.S. Office of Management and Budget (OMB) Memorandum M-21-31 has challenged federal enterprises to achieve and demonstrate compliance with its security logging, log retention, log management and centralized access and visibility provisions to improve the federal government’s ability to identify and remediate cyber threats.

With the Compliance Essentials for Splunk (CES) app, agencies of any size have a flexible, customizable and scalable solution to meet the specific requirements of the OMB M-21-31 memorandum at different levels.

Protecting Our Nation’s Most Critical Assets With Splunk

The M-21-31 memorandum is a prescriptive plan to improve how organizations protect information and infrastructure in the United States. It helps them better respond to cyber threats and defend our nation’s most critical assets. As time passes, organizations that don't use technology to automate their security efforts will have to work harder to follow the rules and keep up with changing standards.

To help federal agencies meet these requirements on deadline, the Compliance Essentials for Splunk app helps agencies track their progress across the four Event Logging (EL) tiers, as described in OMB M-21-31. With CES, organizations can continually monitor their compliance posture across various control frameworks like:

• Cybersecurity Maturity Model Certification (CMMC)
• Federal Information Security Management Act (FISMA)
• Risk Management Framework (RMF)
• Defense Federal Acquisition Regulation Supplement (DFARS)
• OMB M-21-31

About the Splunk Platform

Splunk is an all-in-one security platform that includes:

• Security Information and Event Management (SIEM)
• User Behavior Analytics (UBA)
• Security Orchestration, Automation and Response (SOAR)

With flexible deployment options and customized pricing and log management features, Splunk streamlines cybersecurity compliance by aggregating logs, detecting anomalies with AI and machine learning, and securing assets against advanced threats — helping organizations meet the specific requirements of M-21-31.

Partnering With Splunk for M-21-31 Implementation

Splunk works with agencies at different stages of their M-21-31 compliance journey, whether at the beginning or closer to EL 3, by providing a consolidated set of vendor-agnostic analytics and visualizations based on the M-21-31 security requirements.

This solution provides a vendor- and data-agnostic framework that leverages Splunk's Common Information Model (CIM) to normalize data from multiple, disparate data sources and easily visualize and report on these security controls at scale — no matter the size or sophistication of the team responsible for monitoring and reporting on these requirements.

A dashboard visualizing the status of each Tier Level with percentages of data in Splunk rendered in green, yellow, orange and red.

Getting Started With CES

The CES app is available as a free download from Splunkbase and can run in Splunk Cloud Platform or in a customer on-premises environment. CES is built on Splunk Enterprise and is complementary to Splunk Enterprise Security (ES), our market-leading Security Information and Event Management (SIEM) platform. CES provides a fully customizable and tailored approach to meet the needs of any mission in any environment while allowing the organization to mature and adopt enhanced capabilities as their missions require.

Splunk recently released Compliance Essentials 2.0.1 which maps specifically to OMB M-21-31. Specifically, Version 2.0.1:

• Supports multi-system
• Allows users to split ‘OMB Data Inventory' Data Sets into individual Data Models (Deprecated 'OMB Data Inventory' Data Model)
• Includes added drill-downs to Practice Dashboards from Executive - Overview and OMB Data Requirements Overview

If you want to explore the technical aspects of your compliance journey more deeply, please contact us.