Considerations for a Federal Security Compliance and Risk Management Program

Compliance with the Federal Information Security Management Act (FISMA) can be challenging because of the broad scope of the technical standards specified by NIST. The security framework in SP 800-53 includes 17 areas of security covering 205 technical and program management controls. Mapping these to the IT operations of a large federal agency, implementing them, and managing them on an ongoing basis is a huge undertaking. To help, PacketViper has mapped its capabilities to the 20 Critical Security Controls for effective cyber defense (originally published by SANS, now maintained by CIS). These controls are widely regarded as effective in blocking currently known high-priority attacks, as well as the attack types expected in the near future.

The sections below show how PacketViper helps federal agencies and contractors meet these controls.

Limitation and Control of Network Ports, Protocols and Services

NIST Special Publication 800-53 r4 Controls: AT-1,2,3,4 – SA-11,16 – PM-13,14,16

Allow remote access only to legitimate users and services. Apply host-based firewalls and port-filtering and scanning tools to block any traffic that is not explicitly allowed. Properly configure web servers, mail servers, file and print services, and domain name system (DNS) servers to limit remote access. Disable automatic installation of unnecessary software components. Move servers inside the firewall unless remote access is required for business purposes.

Limiting and controlling network ports begins with discovering the traffic that actually flows through the perimeter environment. PacketViper provides this visibility through tools such as:

  • Home Screen dashboard widgets
  • Summary and scheduled reporting
  • Searchable log filtering with linked IP context
  • Advanced Analytics
  • Web and Mail Analyzers
  • Virtual Minefield sensors

Risk Management


PacketViper can regularly generate reports and sensor data including time, network ports, protocols, countries, companies, and the associated networks found. A record of each discovery is kept within PacketViper for a period designated by the customer, or forwarded to a third-party logging system (for example Splunk or LogRhythm).

PacketViper can correlate connection traffic against any country, company, network, and IP using time criteria within the Advanced Analytics module. PacketViper can also ingest converted network captures from sources such as PCAP files and correlate the captured data within Advanced Analytics. Virtual Minefield Zones and Sensors can detect unusual or unauthorized network activity including, but not limited to, the following:

  • Critical host volume
  • Scans and probes
  • Time schedule violations
  • Port activity rates
  • Unusual port activity
  • Unusual network volume
  • Geographical region, company, or network
  • Direction
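To make the detection categories above concrete, the following added example (illustration only, not PacketViper code) runs three of them over a constructed set of flow records: a scan detector that counts distinct destination ports touched by one source within a short window, a time schedule check for a critical host that should only be reached during business hours, and an unusual-port check for outbound connections that fall outside an approved egress baseline. The record format, thresholds, schedule, and baseline are all assumptions made for the example.

```python
"""Flow-record anomaly checks: scans, schedule violations, unusual egress ports.

Added illustration of the detection categories listed above. Not PacketViper
code; the record format, thresholds and baseline below are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample records: timestamp src dst dst_port proto direction
SAMPLE_FLOWS = """\
2024-03-04T02:13:05 198.51.100.7 10.0.5.20 22 tcp inbound
2024-03-04T02:13:06 198.51.100.7 10.0.5.20 23 tcp inbound
2024-03-04T02:13:06 198.51.100.7 10.0.5.20 80 tcp inbound
2024-03-04T02:13:07 198.51.100.7 10.0.5.20 443 tcp inbound
2024-03-04T02:13:07 198.51.100.7 10.0.5.20 3389 tcp inbound
2024-03-04T02:13:08 198.51.100.7 10.0.5.20 8080 tcp inbound
2024-03-04T09:30:00 203.0.113.9 10.0.5.21 443 tcp inbound
2024-03-04T22:45:10 203.0.113.9 10.0.5.21 443 tcp inbound
2024-03-04T10:02:00 10.0.5.30 192.0.2.50 6667 tcp outbound
2024-03-04T10:05:00 10.0.5.31 192.0.2.51 443 tcp outbound
"""

# Assumed policy inputs: a critical host that may only be reached 07:00-19:00,
# and the set of outbound destination ports approved for the site.
CRITICAL_HOST_SCHEDULE = {"10.0.5.21": (7, 19)}
EGRESS_BASELINE = {25, 53, 80, 443, 587}


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; skips blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto, direction = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "port": int(port), "proto": proto, "direction": direction})
    return flows


def detect_scans(flows, min_ports=5, window_s=60):
    """Flag (src, dst, n_ports) when one source touches >= min_ports distinct
    destination ports on one host within window_s seconds."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f)
    findings = []
    for (src, dst), recs in by_pair.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):  # sliding window anchored at each record
            ports = {r["port"] for r in recs[i:]
                     if (r["ts"] - start["ts"]).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                findings.append((src, dst, len(ports)))
                break
    return findings


def detect_schedule_violations(flows, schedule):
    """Flag inbound flows to a scheduled host outside its permitted hours."""
    findings = []
    for f in flows:
        if f["direction"] != "inbound" or f["dst"] not in schedule:
            continue
        start_h, end_h = schedule[f["dst"]]
        if not start_h <= f["ts"].hour < end_h:
            findings.append((f["ts"].isoformat(), f["src"], f["dst"]))
    return findings


def detect_unusual_ports(flows, baseline):
    """Flag outbound flows whose destination port is not in the approved baseline."""
    return [(f["src"], f["dst"], f["port"]) for f in flows
            if f["direction"] == "outbound" and f["port"] not in baseline]


def run_all(text):
    """Run every check over the given flow text and return findings by rule."""
    flows = parse_flows(text)
    return {
        "scans": detect_scans(flows),
        "schedule_violations": detect_schedule_violations(flows, CRITICAL_HOST_SCHEDULE),
        "unusual_ports": detect_unusual_ports(flows, EGRESS_BASELINE),
    }


if __name__ == "__main__":
    for rule, hits in run_all(SAMPLE_FLOWS).items():
        for hit in hits:
            print(rule, hit)
```

On the constructed data the scan check fires once (six ports from one source in three seconds), the schedule check fires on the 22:45 connection to the critical host, and the egress check fires on the outbound IRC-style port 6667. The same three functions can be pointed at real exported flow or sensor logs once the parser matches their format.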

Risk Management Correlation

Use PacketViper dashboards to view live traffic in real time, with a timestamp and the source and destination country, company, and IP. Each view is hyperlinked to PacketViper's patented NetCheck, which provides the full IP context of the data and can geographically isolate any part of the traffic by IP, company, or country.

Boundary Defense

NIST Special Publication 800-53 r4 Controls: AC-4,17,20  – CA-3,7,9 – CM-2 – SA-9 – SC-4, 7 – SI-4

Control the flow of traffic through network borders and police content by looking for attacks and evidence of compromised machines. Establish multi-layered boundary defenses by relying on firewalls, proxies, demilitarized zone (DMZ) perimeter networks and other network-based tools. Filter inbound and outbound traffic, including traffic through business partner networks (“extranets”).

Deny communications with, or limit the data flow to, known malicious IP addresses (blacklists), or limit access only to trusted sites (whitelists). Tests can be carried out periodically by sending packets from bogon source IP addresses (un-routable or otherwise unused IP addresses) into the network to verify that they are not transmitted through the network perimeter. Lists of bogon addresses are publicly available on the Internet from various sources and identify IP address ranges that should never appear as legitimate traffic traversing the Internet. Boundary defenses should be multi-layered, relying on firewalls, proxies, and DMZ perimeter networks as well as network-based IPS and IDS, and it is critical to filter both inbound and outbound traffic.
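The bogon test described above can be scripted against a perimeter policy. The added example below (illustration only, not PacketViper code) encodes a small border policy: inbound packets are dropped if their source is a bogon prefix or claims to be internal address space, and outbound packets are dropped if their source is not internal (BCP 38 egress filtering) or their destination is a bogon. A probe function then feeds one packet from every bogon prefix through the policy and reports any prefix that would be accepted. The bogon list is the static set of IANA special-purpose IPv4 prefixes from RFC 6890; a production check should pull a maintained feed, since unallocated space changes over time. The internal address range and the sample packets are assumptions; 8.8.8.8 is a real public resolver used only as a stand-in for routable space.

```python
"""Bogon and anti-spoofing checks for a network border.

Added illustration of the bogon test described above. Not PacketViper code;
the internal address space, policy and sample packets are assumptions.
"""
import ipaddress

# Static special-purpose IPv4 prefixes (RFC 6890). A real deployment should use a
# maintained bogon feed, since unallocated space changes over time.
IPV4_BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]

# Assumed site address space used behind the border.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_bogon(ip):
    """True if ip falls inside any bogon prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in IPV4_BOGONS)


def is_internal(ip):
    """True if ip belongs to the site's own address space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def perimeter_verdict(direction, src, dst):
    """Return ('drop' | 'accept', reason) for one packet crossing the border."""
    if direction == "inbound":
        if is_internal(src):  # checked first: internal space is also a bogon
            return "drop", "inbound packet with internal source address (spoofed)"
        if is_bogon(src):
            return "drop", "inbound packet from bogon source"
        return "accept", "routable external source"
    if direction == "outbound":
        if not is_internal(src):
            return "drop", "outbound packet with non-internal source (BCP 38)"
        if is_bogon(dst):
            return "drop", "outbound packet to bogon destination"
        return "accept", "internal source to routable destination"
    raise ValueError("direction must be 'inbound' or 'outbound'")


def bogon_probe_test(policy=perimeter_verdict, target="10.0.5.20"):
    """Send one inbound packet from each bogon prefix through the policy and
    return the prefixes that leak through. An empty list is a pass."""
    leaked = []
    for net in IPV4_BOGONS:
        src = str(net[1])  # second address of the prefix; every entry has > 1
        verdict, _ = policy("inbound", src, target)
        if verdict != "drop":
            leaked.append(str(net))
    return leaked


# Constructed sample packets: (direction, src, dst)
SAMPLE_PACKETS = [
    ("inbound", "8.8.8.8", "10.0.5.20"),       # routable external source
    ("inbound", "10.0.5.99", "10.0.5.20"),     # claims internal source: spoof
    ("inbound", "192.168.1.5", "10.0.5.20"),   # RFC 1918 bogon source
    ("outbound", "10.0.5.30", "8.8.8.8"),      # legitimate egress
    ("outbound", "203.0.113.4", "8.8.8.8"),    # not our space: spoofed egress
    ("outbound", "10.0.5.30", "198.18.0.4"),   # bogon destination
]


def evaluate(packets):
    """Apply the policy to each packet; returns (direction, src, dst, verdict, reason)."""
    return [(d, s, t) + perimeter_verdict(d, s, t) for d, s, t in packets]


if __name__ == "__main__":
    for row in evaluate(SAMPLE_PACKETS):
        print(*row)
    print("leaked bogon prefixes:", bogon_probe_test())
```

The probe returns an empty list when every bogon prefix is dropped inbound; running it on a schedule against the real border (replacing `perimeter_verdict` with a function that injects the packet and observes whether it reaches `target`) turns the periodic test the text recommends into a repeatable check.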

PacketViper can granularly control, regulate, and identify traffic geographically, by rate, by direction, and by time. Traffic can also be identified by country, company, network, and IP. Filtering on these attributes together with port and protocol filters significantly reduces unwanted activity crossing the security perimeter. Less unwanted traffic means less congestion and less load on downstream security devices, which in turn improves visibility and strengthens the existing security posture.

Risk Management Map


PacketViper can specifically control the boundaries of internal, external, and cross-connected networks. This can be done geographically, or by rate, time, company, network, or IP, for any connected device.

Risk Management Controls


PacketViper can analyze, alert on, and filter traffic destined to or received from dump servers, command and control machines, or bots. Virtual Minefields gather intelligence while detecting newly infected bots, proxy attempts, probes and scans, and flooding.

Deception Dashboard

About FISMA

FISMA is Title III of the E-Government Act of 2002. Its provisions fall into three major categories: assessment, enforcement, and compliance.

Assessment pertains to determining the adequacy of the security of federal assets.

Enforcement requires that key information security provisions be implemented and managed.

Compliance establishes provisions for the management of each agency’s information security program and the accountability of each agency for compliance and reporting.

FISMA directs the National Institute of Standards and Technology (NIST) to create and manage the technical standards used for compliance. Key standards include NIST Special Publication (SP) 800-53 and Federal Information Processing Standards (FIPS) 199 and 200. Oversight of FISMA compliance and agency reporting is the responsibility of the Office of Management and Budget (OMB).

Why FISMA Matters to Your Organization

Threats to federal systems and critical cyber infrastructure come from nation states, terrorists, criminals, lone hackers, and mistakes by staff and contractors. A successful exploit that stopped or stalled vital functions of government or critical services would be disastrous.

If a federal agency fails to comply with FISMA, it may be sanctioned through budget cuts. Contractors that exchange data with federal information systems must also comply with FISMA or risk termination of the contract, and non-compliance may preclude them from bidding on future federal contracts.
