On January 31st, 2020, the Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD A&S) published V1.0 of the Cybersecurity Maturity Model Certification (CMMC). The CMMC builds on DFARS both in terms of required practices and by establishing “trust, but verify” relationships with DoD contractors. Rather than establishing compliance with a single event as with DFARS, the CMMC establishes that DoD contractors must regularly demonstrate compliance and cybersecurity to qualify new contract opportunities. While successful cybersecurity is always time-sensitive, OUSD A&S plans to ensure the CMMC is a priority for DoD contractors by enforcing certifications in acquisitions slated for the calendar year 2020.
What Happens Next?
Organizations with highly mature security and compliance processes must quickly define their approach to absorb another monitoring and audit workflow into their existing business operations. Meanwhile, organizations still working to mature their security and compliance operations must rapidly adopt a strategic approach that meets both their near-and long-term business objectives. Completing certification from either perspective requires organizations to overcome four common challenges in cybersecurity and continuous monitoring.
Slow, Complex Implementation
DoD contractors must quickly deploy and adopt technologies for continuous monitoring and execution of cybersecurity practices defined by the CMMC. Waterfall project design and multi-faceted enterprise data modeling efforts stand to put OUSD A&S’s adoption timelines at-risk.
Siloed Sensors and Data Sources
Disparate tools and data sources are often siloed and do not present a clear path to establishing repeatable, integrated processes. Disparate data creates a drag on business activities and limits the effectiveness of cybersecurity investments and initiatives.
High Volume and Velocity Data
Enterprise environments generate massive amounts of data. Monitoring and auditing this data is a nontrivial task that risks becoming its own engineering science project.
Rigidity as a Limiting Factor to Growth
Organizations need to not only meet initial certification requirements but also design an approach and platform that meets long-term business objectives. These objectives include both operational growth and potential advances in cybersecurity practice maturity to achieve higher levels of certification for new contract opportunities.
Splunk’s customers include all four branches of US Armed Forces, DoD agencies, and defense contractors. In talking with our customers, we confirmed assumptions about the urgency and priority for successfully achieving certification. Considering the common challenges in this space, we saw an opportunity to aid customers and accelerate certification efforts by providing a tailored solution that fully leverages Splunk. As a result, my team has worked to produce the Splunk for CMMC solution, and produced in a hurry, we did.
For anyone that’s been following along with previous blog posts written by Anthony Perez ("Getting a Head Start on CMMC" and "Upcoming Milestones and Readiness for the CMMC"), I’m happy to say Draft V0.7 closely foreshadowed the requirements in the V1.0 publication. This has allowed my team to rapidly tailor our solution towards general availability targeted for next month. The solution is aligned with the domains, capabilities, and the 171 practices defined across CMMC’s five maturity levels. Leveraging the Splunk Enterprise platform and the Splunk for CMMC solution, Splunk can help your organization overcome challenges in the area of continuous monitoring.
Splunk provides a single environment to Investigate -> Monitor -> Analyze -> and Act on your data. Pre-built analytics across dozens of practices and security-relevant data sources allow for iterative refinement and tailoring to meet CMMC-mandated cyber security practices
A Single Pane View Into Your Data
Splunk software is vendor and location-agnostic, meaning that Splunk offers organizations a single pane of glass window into their enterprise across tools, sensors, geographies, and even cloud or hosting providers. Splunk’s Common Information Model (CIM) streamlines data normalization and allows for standardized analytics across multiple data sources.
Designed for Scale On-Premise or in the Cloud
Splunk Enterprise on-premise or the FedRAMP Authorized Splunk Cloud SaaS offering rise to enterprise data demands with the ability to process multiple terabytes of new data per day, processing and surfacing tens of thousands of events per second.
Robust and Responsive to your Mission
Built on Splunk Enterprise, the solution is designed to surface data from across your existing and future capability investments. As organization maturity evolves, the solution can be leveraged to surface data from other Slunk capabilities including Splunk Enterprise Security (SIEM), Splunk Phantom (SOAR), and Splunk UBA (UEBA) to automate, streamline, and enable practices required by the CMMC.
We’ll be hosting a Splunk for CMMC Solution Webinar on March 25, 2020 where we'll discuss how the CMMC solution is built on Splunk Enterprise and can be applied to your existing Splunk deployment, or used in conjunction with a new deployment, to accelerate your path to certification. Don't miss out and register here!