NIST Special Publication 800-171, called the Defense Federal Acquisition Regulation Supplement (DFARS), addresses the unique risk that exists when information is managed and controlled in nonfederal systems and organizations where Controlled Unclassified Information (CUI) is processed, stored, and transmitted.
CimTrak provides detailed alerts, reports, and controls to common criteria sections including:
3.1 - ACCESS CONTROL
3.3 - AUDIT AND ACCOUNTABILITY
3.4 - CONFIGURATION MANAGEMENT
3.8 - MEDIA PROTECTION
3.11 - RISK ASSESSMENT
3.12 - SECURITY ASSESSMENT
3.13 - SYSTEM AND COMMUNICATIONS PROTECTION
3.14 - SYSTEM AND INFORMATION INTEGRITY
Continuous compliance with prescriptive steps to remediate failed systems ensuring they are in a trusted and expected state.
Monitor critical configurations to ensure a compliant state. CimTrak operates in real time, enabling a Mean-Time-To-Identify (MTTI) for security incidents measured in seconds.
Monitor your environment. Don’t let unauthorized access occur with your routers, firewalls, and network devices.
NIST 800-171 is comprised of 14 control categories totaling 110 controls in addition to another 62 Non-Federal Organization (NFO) controls.
Of the 14 control categories, 110 controls and 62 NFO controls, CimTrak addresses 8 control categories, 33 discrete controls and 13 NFO controls.
Complying with 800-171 does not mean you will automatically pass a CMMC audit, as CMMC includes 3 additional domains (Asset Management, Recovery, and Situation Awareness) and 2 non-NIST 800-171 controls.
CimTrak provides the forensic analysis of outages and security incidents in real-time. Forensic details include what files were added/modified/deleted, source IP address, the user who made the change, time of change, and process involved.
CimTrak has a unique functionality where it can manually or automatically roll back and restore files that drift from a known and expected state. This is particularly important with system attributes and configuration settings that should NEVER change. This feature positively impacts mean-time-to-repair/restore/recover (MTTR) to prevent both security incidents and operational failures.
Given CimTrak’s patented real-time change detection capability, immediate notification and remediation options are available to ensure that any potential threat, both internal and external, does not permeate throughout the organization. CimTrak’s mean time to detect (MTTD) malicious and unwanted changes is measured in minutes as opposed to the industry average of 195 days.
CimTrak’s ticketing functionality integrates with ITSM technologies creating a closed-loop environment of change management to reconcile expected and approved changes.
This approach drastically reduces the "noise" problem when authorized/expected changes (i.e. patches) are logged and archived, leaving only those alerts that highlight unknown, unauthorized and potentially malicious changes or activity.
When CimTrak detects changes, CimTrak's Trusted File Registry (TFR), which is a database repository of known and trusted files as determined by the software vendors themselves, validates and verifies the trust and integrity of individual files. The TFR database has several billion cryptographic hashes of trusted files including source and meta-level information associated with each file.
Cross Mappings | ||||
3.1 | ACCESS CONTROL (AC) | CMMC# | 800-53 | How CimTrak Helps |
3.1.1 | Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | AC.1.001 | AC-2 AC-3 AC-17 | CimTrak has the capability of restricting and preventing access and changes to system files, directories and other critical operating components and reporting forensic level data. |
3.1.2 | Limit information system access to the types of transactions and functions that authorized users are permitted to execute. | AC.1.002 | AC-2 AC-3 AC-17 | |
3.1.4 | Separate the duties of individuals to reduce the risk of malevolent activity without collusion. | AC.3.017 | AC-5 | |
3.1.7 | Prevent non-privileged users from executing privileged functions and audit the execution of such functions. | AC.3.018 | AC-6(9) AC-6(10) | |
3.1.9 | Provide privacy and security notices consistent with applicable CUI rules. | AC.2.005 | AC-8 | |
Cross Mappings | ||||
3.3 | AUDIT AND ACCOUNTABILITY | CMMC# | 800-53 | How CimTrak Helps |
3.3.1 | Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. | AU.2.042 | AU-2 AU-3 AU-3(1) AU-6 AU-11 AU-12 | CimTrak detects changes from a trusted and secure baseline across a broad range of systems and applications in the IT environment and generates comprehensive audit trails, reporting and forensic details to investigate unauthorized changes and activities. Audit trails and reports generated by CimTrak include information on "who" is making a change so that it can be directly traced to a system user. CimTrak's ability to capture information in real-time means that abnormal change events can be investigated immediately, thus ensuring the maximum security of sensitive data. |
3.3.2 | Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions. | AU.2.041 | AU-2 AU-3 AU-3(1) AU-6 AU-11 AU-12 | CimTrak provides forensic details about actions of individuals, including what they were looking at, source IP address, if changes were made, the user who made the change, time of change, and process involved. |
3.3.5 | Use automated mechanisms to integrate and correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity. | AU.3.051 | AU-6(3) | CimTrak can seamlessly detect change events in real-time and send them to almost any Security Information and Event Manager (SIEM), where they can be further analyzed and correlated. Integration with a SIEM is easy and done directly from the CimTrak Management Console. |
3.3.6 | Provide audit reduction and report generation to support on-demand analysis and reporting. | AU.3.052 | AU-7 | CimTrak provides real-time audit information and can generate reports on a set schedule, or on-demand. Both audit trails and reports are extremely detailed and provide a wealth of information regarding changes including "who" made the change, "what" exactly changed, "when" it changed, and "what process" made the change. |
3.3.8 | Protect audit information and audit tools from unauthorized access, modification, and deletion. | AU.3.049 | AU-6(7) AU-9 | CimTrak audit trails are stored within the CimTrak Master Repository in a secure, encrypted format where alterations are not able to take place. |
3.3.9 | Limit management of audit functionality to a subset of privileged users. | AU.3.050 | AU-6(7) AU-9(4) | Viewing of CimTrak audit data can be restricted to only certain, approved users. |
Cross Mappings | ||||
3.4 | CONFIGURATION MANAGEMENT | CMMC# | 800-53 | How CimTrak Helps |
3.4.1 | Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. | CM.2.061 | CM-2 CM-6 CM-8 CM-8(1) | CimTrak's core competency is to keep data secure by establishing, maintaining, and monitoring system baselines. Baselines can be created at any point throughout a system's lifecycle. System baselines are securely stored within the CimTrak Master Repository where they are monitored for changes. Changes to a system's baseline can be tracked over time and alerts issued should an unexpected change occur, indicating a possible compromise. |
3.4.2 | Establish and enforce security configuration settings for information technology products employed in organizational information systems. | CM.2.064 | CM-2 CM-6 CM-8 CM-8(1) | CimTrak provides historical configuration settings to establish a chain of evidence and root of trust. CimTrak's patented real-time change detection and response technology provides a closed-loop change control system that covers everything from servers and desktops to cloud configurations, hypervisors, container orchestration, databases and more. CimTrak has a built-in ticketing system that can be used standalone or in unison with leading ITSM vendors to capture authorized work orders to reconcile expected changes with observed changes, leaving unwanted and unexpected changes highlighted for review and/or remediation. CimTrak provides manual or automated roll-back capability as well as change prevention for those files, directories or configurations that should never change. CimTrak also provides both black and whitelisting correlation, STIX/TAXII feeds and file reputation services to provide more contextual information to help identify what should and should not be running in your environment. |
3.4.3 | Track, review, approve/disapprove, and audit changes to information systems. | CM.2.065 | CM-3 | |
3.4.4 | Analyze the security impact of changes prior to implementation. | CM.2.066 | CM-4 | |
3.4.5 | Define, document, approve, and enforce physical and logical access restrictions associated with changes to the information system. | CM.3.067 | CM-5 | |
3.4.6 | Employ the principle of least functionality by configuring the information system to provide only essential capabilities. | CM.2.062 | CM-7 | CimTrak leverages the best practices of both CIS benchmarks as well as DISA STIGs to establish a referenceable configuration baseline of trust. Deviations from this baseline are detected in real-time to ensure there is no integrity drift from a known and trusted reference point. This includes the addition, modification and deletion of software applications. |
3.4.7 | Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols, and services. | CM.3.068 | CM-7(1) CM-7(2) | CimTrak provides historical configuration settings to establish a chain of evidence and root of trust. CimTrak's patented real-time change detection and response technology provides a closed-loop change control system that covers everything from servers and desktops to cloud configurations, hypervisors, container orchestration, databases, and more. CimTrak has a built-in ticketing system that can be used standalone or in unison with leading ITSM vendors to capture authorized work orders to reconcile expected changes with observed changes, leaving unwanted and unexpected changes highlighted for review and/or remediation. CimTrak provides manual or automated roll-back capability as well as change prevention for those files, directories or configurations that should never change. CimTrak also provides both black and whitelisting correlation, STIX/TAXII feeds and file reputation services to provide more contextual information to help identify what should and should not be running in your environment. |
3.4.8 | Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. | CM.3.069 CM.4.073 | CM-7(4) CM-7(5) | |
3.4.9 | Control and monitor user-installed software. | CM.2.063 | CM-11 | CimTrak can identify user-installed software in order to ensure unneeded or unallowed software is not installed. |
Cross Mappings | ||||
3.8 | MEDIA PROTECTION | CMMC# | 800-53 | How CimTrak Helps |
3.8.9 | Protect the confidentiality of backup CUI at storage locations. | RE.2.138 | CP-9 | CimTrak stores and protects information for the purpose of providing roll-back and remediation in the event that a change occurred that was unwanted or unexpected. That data is securely stored and encrypted to ensure non-repudiation of the data in question. |
Cross Mappings | ||||
3.11 | RISK ASSESSMENT | CMMC# | 800-53 | How CimTrak Helps |
3.11.2 | Scan for vulnerabilities in the information system and applications periodically and when new vulnerabilities affecting the system are identified. | RM.2.142 | RA-5 RA-5(5) | CimTrak can scan and detect vulnerabilities utilizing threat intelligence feeds as well as white/blacklisting cloud services. |
3.11.3 | Remediate vulnerabilities in accordance with assessments of risk. | RM.2.143 | RA-5 | CimTrak provides the capability to remediate certain vulnerabilities, and prevent many vulnerabilities from occurring based on its ability to detect and identify in real-time malicious code obtained through black/whitelisting services. |
Cross Mappings | ||||
3.12 | SECURITY ASSESSMENT | CMMC# | 800-53 | How CimTrak Helps |
3.12.3 | Monitor information system security controls on an ongoing basis to ensure the continued effectiveness of the controls. | CA.3.161 | CA-2 CA-5 CA-7 PL-2 | CimTrak is a critical detective control used to determine the integrity of infrastructure and the adherence to processes that determines a majority of all compliance requirements. |
Cross Mappings | ||||
3.13 | SYSTEM AND COMMUNICATIONS PROTECTION | CMMC# | 800-53 | How CimTrak Helps |
3.13.16 | Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | SC.3.191 | SC-28 | CimTrak is the underlying integrity component that validates and verifies that boundary protection systems have not drifted from a known, expected or trusted state of operation. All sessions for management of systems and network devices are encrypted as well as the CUI while at rest. |
3.13.3 | Separate user functionality from information system management functionality. | SC.3.181 | SC-2 | |
Cross Mappings | ||||
3.14 | SYSTEM AND INFORMATION INTEGRITY | CMMC# | 800-53 | How CimTrak Helps |
3.14.1 | Identify, report, and correct information and information system flaws in a timely manner. | SI.1.210 | SI-2 SI-3 SI-5 | CimTrak integrity management monitors and alerts in real-time unexpected and unwanted changes that can identify system flaws and threats with its cloud integrated services that include whitelisting, STIX/TAXII feeds and file reputation. |
3.14.2 | Provide protection from malicious code at appropriate locations within organizational information systems. | SI.1.211 | SI-2 SI-3 SI-5 | CimTrak integrity management monitors and alerts in real-time unexpected and unwanted changes that can identify system flaws and threats with its cloud integrated services that include whitelisting, STIX/TAXII feeds and file reputation. CimTrak can also prevent file execution based on any combination of the cloud services and feeds. |
3.14.2e | Provide protection from malicious code at appropriate locations within organizational information systems. | SI.5.223 | SI-4 | CimTrak monitors and reports in real-time change activity from a variety of trusted sources and workflow processes to determine if changes to your infrastructure are unknown, unwanted or malicious. |
3.14.3 | Monitor information system security alerts and advisories and take appropriate actions in response. | SI.2.214 | SI-2 SI-3 SI-5 | CimTrak integrity management monitors and alerts in real-time unexpected and unwanted changes that can identify system flaws and threats with its cloud integrated services that include whitelisting, STIX/TAXII feeds and file reputation. |
3.14.4 | Update malicious code protection mechanisms when new releases are available. | SI.1.212 | SI-3 | CimTrak integrity management monitors and alerts in real-time unexpected and unwanted changes that can identify system flaws and threats with its cloud-integrated services that include whitelisting, STIX/TAXII feeds and file reputation. CimTrak can also prevent file execution based on any combination of the cloud services and feeds. |
3.14.5 | Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. | SI.1.213 | SI-3 | |
3.14.6 | Monitor the information system including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. | SI.2.216 | AU-2 AU-2(3) AU-6 SI-4 SI-4(4) | CimTrak monitors and reports in real-time change activity from a variety of trusted sources and workflow processes to determine if changes to your infrastructure are unknown, unwanted or malicious. |
3.14.6e | | SI.4.221 | SI-5 SI-5(1) | CimTrak integrity management monitors and alerts in real-time unexpected and unwanted changes that can identify system flaws and threats with its cloud integrated services that include whitelisting, STIX/TAXII feeds and file reputation. |
3.14.7 | Identify unauthorized use of the information system. | SI.2.217 | SI-4 | CimTrak monitors and reports in real-time change activity from a variety of trusted sources and workflow processes to determine if changes to your infrastructure are unknown, unwanted or malicious. |
See for yourself how to make your systems truly secure and compliant.