NIST 800-53 Compliance

 

Ekran System cooperates closely with the National Institute of Standards and Technology (NIST), a world-renowned non-regulatory agency providing detailed guidelines for improving information security within federal agencies and associated organizations. As an all-in-one insider risk management platform, Ekran System can help you build data protection systems and digital infrastructure protection systems that comply with key requirements of NIST 500-83.

 

 

NIST 800-53 compliance: who needs it and why?

 

As a non-regulatory agency of the US Department of Commerce, NIST focuses on researching and establishing general guidelines and standards that federal agencies must meet.

 

In particular, NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations is a set of guidelines and recommendations for architecting and managing secure information systems. Compliance with NIST 800-53 security control guidelines is the main key to achieving compliance with the Federal Information Security Management Act of 2002 (FISMA) and Federal Information Processing Standards (FIPS) requirements.

 

Since 2005, NIST has released several revisions of SP 800-53. The latest is Revision 5.1 [PDF], published in 2020. The control baselines that have previously been included in NIST Special Publication 800-53 have been relocated to its companion publication — NIST Special Publication 800-53B.

NIST-800-53-COMPLIANCE-figure-1

The Ekran System platform is the ultimate NIST 800-53 compliance software that covers the core security controls and makes it easy to secure your organization’s critical assets and sensitive data.

 

Using Ekran System to meet NIST 800-53 requirements

 

Ekran System helps you comply with NIST 800-53 security controls and secure your sensitive data by providing user activity monitoring and auditing, identity and access management, and incident response capabilities.

 

NIST 800-53 Revision 5.1 provides detailed guidelines for the above-mentioned security and privacy controls that cover 20 control families.

NIST-800-53-COMPLIANCE-figure-2

For each of these families, there’s a large list of NIST 800-53 controls that includes security controls with different impact levels. However, organizations don’t need to implement all of these controls to comply with FISMA and NIST SP 800-53. They need to follow the baseline recommendations for architecting information security systems but are free to choose which security tools and solutions to use for that purpose.

 

With Ekran System, you can implement the necessary security controls for NIST 800-53 control families including:

 

  • Access Control (AC)
  • Audit and Accountability (AU)
  • Assessment, Authorization, and Monitoring (CA)
  • Identification and Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Planning (PL)

 

As a NIST compliance tool, Ekran System fully covers all of the controls in the Audit and Accountability family while also covering the majority of security controls in other control families.

 

Access Control

 

The Access Control family includes a wide range of security controls for ensuring the proper level of access management. Ekran System includes a number of features that can help you meet critical NIST 800-53 access control requirements, including:

 

  • AC-2 Account management – Ekran System contains a set of authentication features that can be used for improving your current account management system, including identity management, two-factor authentication, and privileged access management (PAM), and role-based access control.
  • AC-3 Access enforcement – Ekran System’s access management capabilities allow authorization approval to be enforced according to your access control policies.
  • AC-5 Separation of duties – Using Ekran System, you can allow users to access only the data necessary for performing their duties by adding users to a certain user group with specific permissions.
  • AC-6 Least Privilege – Ekran System ensures granular access by assigning, elevating, terminating, and managing user access privileges. It also enables granting of temporary access permissions by request and auditing of privileged user activity.
  • AC-7 Unsuccessful logon attempts – Ekran System provides the ability to allow users access without approval only during work hours and to block any login attempts during non-working hours and days.
  • AC-8 System use notification – Ekran System can be configured to display notifications about login attempts within the protected perimeter.
  • AC-10 Concurrent session control – Ekran System allows you to control concurrent user logins to the Management Tool.
  • AC-12 Session termination – The maximum duration of one local session is 24 hours. At 00:00 (midnight), all live sessions are terminated. After termination, new live sessions start automatically.
  • AC-17 Remote access – Ekran System provides monitoring and control capabilities for easy and secure access of remote employees and third-party contractors.

 

Ekran System offers a robust set of privileged access management capabilities, enabling you to granularly manage access permissions for different users, roles, and user groups. Other access management features provided by Ekran System include manual access approval, time-limited access permissions, one-time passwords, two-factor authentication, and secondary authentication for shared accounts.

 

Audit and Accountability

 

The NIST Audit and Accountability control family covers security practices required for establishing a reliable accountability system within an organization. NIST recommends performing detailed and continuous audits to detect possible cybersecurity threats and investigate incidents. Auditing and accountability are necessary to pass a NIST compliance audit or prove compliance with other security standards and regulations.

 

Ekran System is a comprehensive user activity monitoring solution that can provide you with a detailed audit log of every event that happens on a monitored endpoint. The platform can help you meet the key NIST 800-53 audit logging requirements as it covers many security controls within the Audit and Accountability control family, including:

 

  • AU-2 Event logging – Ekran System can be configured to monitor and audit all or only specific events.
  • AU-3 Content of audit records – Ekran System audit records contain information regarding security event descriptions, time stamps, user or process identifiers, source and destination addresses, event outcomes, names of files involved, etc.
  • AU-4 Audit log storage capacity – Ekran System relies on compression algorithms to store audit logs without using too much disk space. This way, you don’t need to expand your data storage.
  • AU-6 Audit record review, analysis, and reporting – Ekran System provides a rich set of reporting capabilities. Reports can be generated manually or automatically according to a set schedule. You can also review activity records via a built-in video player and use metadata about an event as search parameters.
  • AU-7 Audit record reduction and report generation – Ekran System allows you to filter and sort audit log records and generate reports on them.
  • AU-8 Time stamps – All recorded data is coupled with timestamps.
  • AU-9 Protection of audit information – Audit logs are protected against alteration of log entries with an integrity check. The data is also encrypted in the database, with unique database encryption. If an Audit log has been modified, the software displays a red warning message.
  • AU-10 Non-repudiation – Any non-repudiation action, including creating, sending, receiving, and approving information, is recorded by Ekran System. Users can’t alter these records, and you can export them in a protected format and use them as evidence in forensic activities.
  • AU-11 Audit record retention – You can store any number of audit records until they are needed for administrative, legal, audit, or other operational purposes.
  • AU-12 Audit record generation – Ekran System provides audit logs with detailed audit records.
  • AU-14 Session audit – By default, Ekran System records all user sessions initiated on the target endpoint, including privileged user sessions. Auditing the recorded sessions, you can analyze user keystrokes, visited websites, and opened files, among other metadata.

 

Assessment, Authorization, and Monitoring

 

The Assessment, Authorization, and Monitoring control family includes nine security controls for assessing, authorizing, and monitoring employees and various system connections through the infrastructure. To achieve this, NIST recommends developing and implementing a risk management strategy for establishing an assessment, authorization, and monitoring policy and procedures.

 

Ekran System offers functionality for securely authorizing users and entities as well as continuously monitoring their actions within the IT infrastructure.

 

  • CA-7 Continuous monitoring – Ekran System ensures continuous monitoring of both regular users and privileged users in real time. Monitoring sessions are recorded in a video format with text metadata for further analysis. Ekran System also supports keystroke monitoring and USB device management.
  •  

    Identification and Authentication

     

    The Identification and Authentication control family covers a set of security controls necessary for uniquely identifying each user and device accessing your network. The ability to identify each user accessing the system and then reliably connect them to a specific resource is crucial for detecting potential threats and investigating security incidents.

     

    As a universal NIST compliance software, Ekran System provides a number of identity and access management features for ensuring a high level of user identity verification, including secondary authentication and multi-factor authentication (MFA). These capabilities cover the following NIST Identification and Authentication controls:

     

    • IA-2 Identification and authorization (organizational users) – As advised by NIST 800-53, two-factor authentication or multi-factor authentication can be used to secure access to privileged accounts. The MFA capabilities provided by Ekran System allow you to uniquely identify internal employees, subcontractors, and other organizational users.
    • IA-4 Identifier management – Ekran System allows for assigning and verifying each user and role with a unique username. In multitenancy mode, the platform also issues tenant keys so each tenant can quickly identify their Ekran System Clients.
    • IA-5 Authenticator management – User credentials and secrets are safely stored inside the Ekran System password vault. Password management capabilities allow you to automate the creation, rotation, and termination of credentials as well as prevent leaks.
    • IA-8 Identification and authorization (non-organizational users) – Ekran System’s secondary authentication feature ensures additional identification of every user logging in to the system under a shared account. Access requests from unknown and unauthorized users are denied automatically.
    • IA-10 Adaptive authentication– The user and entity behavior analytics module in Ekran System can detect if a user logs in to the system at an unusual time. In this case, the platform can notify you or terminate the user session automatically, making the user re-authenticate.
    • IA-11 Re-authentication – Ekran System can automatically terminate user sessions if they violate security rules you configure. To continue working, a user whose session is terminated will have to authenticate once more.

     

    Incident Response

     

    The Incident Response control family covers one of the most important parts of ensuring the protection of sensitive data: what needs to be done in case of a security incident. Ekran System provides actionable tools to meet the requirements of the following controls:

     

    • IR-4 Incident handling – Ekran System provides an alerting system to detect incidents in a timely manner and a set of manual and automated incident response options. You can immediately kill a threatening process or block a suspicious user and investigate the incident.
    • IR-5 Incident monitoring – When an incident is detected, a security officer is notified and provided with all context needed to quickly respond. The officer also can watch the suspicious user session in real time to define whether it needs an immediate response.
    • IR-6 Incident reporting – With Ekran System, you can generate reports on any details of a security incident and use them to report the incident to the relevant authorities. You can also export data in a forensic format for further cybersecurity incident investigation and analysis.

     

    Maintenance

     

    Any changes to cybersecurity system configurations can pose the threat of compromising its performance, introducing new vulnerabilities to it, or deploying malicious code. The Maintenance control family describes ways to ensure that your security system undergoes maintenance without any harm or undesired changes. Here’s how you can secure maintenance activities with Ekran System:

     

    • MA-2 Controlled maintenance – Ekran System records users with any level of privileges and in any environment, including Ekran System administrators. Reviewing these records can help you monitor and control the maintenance of cybersecurity system components.
    • MA-4 Nonlocal maintenance – Remote sessions are monitored and recorded the same way as local ones. This way, you’ll have an equal level of control over local and nonlocal maintenance activities.

     

    Planning

     

    The Planning controls of NIST 800-53 help organizations create a robust security management system and control any security-related activity. Systematic and centralized collection of data about cyber protection is the foundation for policies and plans required by this family of NIST 800-53 controls. You can easily add data collected by Ekran System to your pipelines:

     

    • PL-9 Central management – The Management Tool allows you to access and manage all security-related information that Ekran System collects. Also, you can integrate Ekran System with your SIEM and ticketing system to fully centralize security information management.

     

    NIST SP 800-53 isn’t the only IT security standard that Ekran System can help you comply with. Using Ekran System also makes it much easier to meet the requirements of other industry standards, laws, and regulations, including FISMA, HIPAA, and PCI DSS.