Due to increasing and evolving cyber security threats, the government must stay vigilant and positioned to be proactive in this ever-changing cyber security world. To this end, the government has determined that real-time continuous monitoring (CM) and risk scoring are key steps to being proactive in identifying potential threats. Luckily, there are Continuous Diagnostics and Mitigation (CDM) vendors that provide tools to increase the visibility of potential threats at the enterprise level. With these tools, in conjunction with the security assessment and authorization (SA&A) process, the government is better positioned to fight rapidly emerging threats.
Our client at the Department of the Treasury, like other agencies, recognized the need to implement near-real-time continuous monitoring and risk scoring. However, there is still the need to manually assess FISMA systems, provide reporting to OMB, and pass FISMA audits. Merging automation tools with manual processes to achieve real-time continuous monitoring and risk scoring requires preparation and a methodical approach prior to implementation. Though these are daunting tasks, they are essential to the security of government data, as well as citizen data, collected by the government.
ActioNet, along with a vendor, worked closely with our client to implement a solution that meets the goals of real-time continuous monitoring and risk scoring and folds in the security assessment and authorization (SA&A) process, in line with the client’s requirements. The first step in the risk scoring and SA&A process was to upgrade the existing SA&A tool to the latest version, which would allow for risk scoring.
Our process was progressive, using a methodical approach to accomplish large milestones. We developed a comprehensive enterprise inventory, decommissioned legacy systems, and pared down systems. This made for a smaller system footprint, which provided more clarity and ease in implementing near-real-time continuous monitoring. The next step was to bring data from vulnerability tools, monitoring tools, and SIEMs into the upgraded tool. Working with the vendor, we developed automated processes to ingest the data being received from these various sources.
We also had to determine review frequencies for controls that could not be assessed using an automated tool. Within the SA&A tool, we established frequency alerts for those controls requiring manual review or assessment.
ActioNet worked tirelessly with the vendor to upgrade the client’s existing SA&A tool to support continuous monitoring and risk scoring. The methodical approach of paring down systems, determining control frequencies, and ingesting data from vulnerability, monitoring, and SIEM tools into the automated SA&A tool is garnering results. Although some bugs are being resolved, our client is recognizing that near-real-time CM and risk scoring are providing significant insight into the current security posture of the enterprise.