Device Hardening and Continuous Compliance Monitoring CONTINUOUS COMPLIANCE

NIST SP 800-53 Rev. 4 and FISMA: Security and Privacy Controls for Federal Information Systems and Organizations

NIST SP 800-53 is a guide developed by the Joint Task Force Transformation Initiative Interagency Working Group specifically focused on security controls, mandated by the Federal Information Security Management Act (FISMA). This working group is an ongoing information security partnership among the U.S. Department of Defense, the Intelligence Community, the Committee on National Security Systems, the Department of Homeland Security, and U.S. federal civil agencies.

Special publication 800-53 focuses on ‘Controls’ to underpin security best practices for anyone operating Federal Information Systems, although IT related to National Security are covered separately. The assessment guidelines mandate the need for periodic testing and evaluation of the security controls federal agencies need to put in place.

Naturally there is strong emphasis on ‘Software, Firmware and Information Integrity’, and ‘Configuration Management Policy and Procedures’ see below

“Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications.

State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications”

“The organization employs automated mechanisms to maintain an up -to-date, complete, accurate, and readily available baseline configuration of the information system”

The most recent revision published in April 2013 was updated to reflect new and evolving considerations for Federal Information Systems and Organizations Risk Management Frameworks, including greater emphasis on

  • Insider threats;
  • Software application/web application security
  • Social networking, mobiles devices, and cloud computing;
  • Cross domain solutions;
  • Advanced persistent threats;
  • Supply chain security;
  • Industrial/process control systems; and
  • Privacy

Read more in the official NIST publication http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

NNT Change Tracker uses a continuous monitoring approach to provide integrity verification in real-time, providing audit trail evidence and alerts in line with SP 800-53 controls. In addition Configuration Management Policy and Procedure controls can be provided using Change Tracker Compliance Reports and Planned Change operation to ensure only approved changes are made and any configuration drift is highlighted, with Who Made the Change and Remediation instructions provided as standard.

 

try it get a quote request a demo ask a question

And the number one solution that delivers all the
key security and compliance benefits of file integrity monitoring is NNT Change Tracker™

Easiest To Use – Most Fully Featured – Most Affordable
Learn more about NNT Change Tracker here

Products
Trusted by:
sajan.jpgactivetelesource.jpgcuany.jpgwestern-financial-group.jpgcornell.jpgnhs.jpgdupont.jpgnewlook.jpghandh.jpggolubcapital.jpgvoxgen.jpgpma.jpgpando.jpgessex-police.jpg5thavetheatre.jpgadvance2000.jpgxaxis.jpgjack-wills.jpgderivco.jpgeon.jpgace.jpgnafsa.jpghampshire.jpgsimmons.jpgNIBSS.jpgucsandiego.jpgBlackbird-Technologies.jpgunionbank.jpglansare_logo.jpgtechnologypros.jpgconcord.jpgclickandbuy.jpgScotRail.jpgTotal-Card.jpgushmm.jpgamdocs.jpgcontinuum.jpgcigna.jpgRed-Card-Systems.jpgrnib.jpgnorcotek.jpgford.jpgonpoint.jpgarmy.jpgzap.jpgBiaggis.jpgbriefing.jpgcare.jpggowireless.jpglandisgyr.jpgunifiedpayments.jpgbritish-museum.jpgdhl.jpgageas.jpgduncansolutions.jpgthewestbrom.jpgveolia.jpgraiffeisen.jpgcsmartlive-casino.jpgzen.jpgsunchemical.jpgstjoe.jpgbom.jpgboomkat.jpgghl.jpgselectcore.jpgspendvision.jpgcolliercounty.jpgnashville-int-airport.jpgticketmaster.jpgislandbanki.jpglivenation.jpgpunter-southall.jpgleidos.jpgmarwoodgroup.jpgcablewire.jpgMontrose-Travel.jpgni.jpgnymbus.jpgsymago.jpgnxgen.jpgentee.jpgeasystreet.jpgpurchase.jpgskipton.jpgcredimax.jpgcboss.jpguniversal-orlando.jpgkennethhagin.jpgdeluxecorp.jpgcentertheatre.jpggeneral-dynamics.jpgeTranzact.jpgeztaxreturn.jpgrealec.jpgedm.jpgsynergiecontact.jpgabrsm.jpgfirst-quantum.jpghepsiburada.jpgxap.jpghub_logo.jpgduoboots.jpgfis.jpgAeriandi.jpgalamo-colleges.jpglivetv.jpgmaxwellpaper.jpgorbcomm.jpgenmax.jpgbarton-cooney.jpgzenithbank.jpgmtrgaming.jpgaimia.jpgdudley-nhs.jpgdatamatx.jpgpicturehouse.jpgpkr.jpghp.jpghbl.jpgkalmbachpublishing.jpgzamir.jpghotel-cholat.jpg4wheelparts.jpgretail-lockbox.jpgnctm.jpglark.jpgopportune.jpgwestfield-state-university.jpgwett.jpgbowtie.jpgpowerchord.jpgiac.jpgcrowedunlevy.jpgiridium.jpgShelby-County.jpgcua.jpgtravelodge.jpgxerox.jpgwhynotleaseit.jpgharbouritau.jpgPenn-State-Uni.jpgAWA-Collections.jpgdunelm.jpgbrocade.jpginss.jpghhglobal.jpgStandard-Hotel.jpgrayonier.jpgryanair.jpgprometric.jpgpartnerships.jpgaberdeen.jpgodeon.jpgRichland-Logistics.jpgbankofchina.jpghph.jpgpaymetric.jpgCompliance-360.jpgarqiva.jpgbobby-cox.jpgpass.jpgsymetra.jpgjohnsons.jpgsiconns.jpgequiant.jpgepay.jpgberkshireassociates.jpgjet-blue.jpghei-hotels.jpgbnpparibas.jpgbchdigital.jpgnkwd.jpgchaparral.jpgovec.jpgblakemore.jpgpaypro-business.jpgforeshore.jpgaciconn.jpgwonga.jpgSpanson.jpgacas.jpgrentatoll.jpgwallashops.jpgwhsmith.jpgvmi.jpgvse.jpggm.jpgnhs-bury.jpgaspen.jpgspar.jpgingbank.jpgstpeters.jpgwindsorandmaidenhead.jpgbrightstar.jpgredwood.jpgseapines.jpgtheatreroyal.jpgwizzair.jpggvec.jpgshearwater.jpgvnpay.jpgeuroffice.jpgkenneth-copeland.jpgharrods.jpgdublin-business.jpg
USA Offices
New Net Technologies Ltd
Naples
9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email USinfo@nntws.com
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email info@newnettechnologies.com
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.

Sign up to the NNT newsletter