Overview

FISMA/NIST 800-53 is a compliance requirement established by the Federal Information Security Management Act and the National Institute of Standards and Technology. It provides guidelines and standards for federal agencies and organizations that handle sensitive government information. Compliance with FISMA/NIST 800-53 ensures the confidentiality, integrity, and availability of federal information systems. 

For more information, refer to the FISMA/NIST 800-53 publication: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Netsurion Managed XDR for FISMA/NIST 800-53 Compliance 

Netsurion Managed XDR combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in FISMA/NIST 800-53 compliance. With comprehensive monitoring, analysis, and reporting capabilities, organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents.

By leveraging Netsurion Managed XDR, organizations can strengthen their information security posture, protect sensitive government information, and achieve compliance with FISMA/NIST 800-53. This ensures the confidentiality, integrity, and availability of federal information systems. 

Using Netsurion Managed XDR to meet FISMA/NIST 800-53 

Access Control

AC-2 – Account Management

The organization manages information system accounts, including establishing, activating, modifying, reviewing, disabling, and removing accounts. The organization reviews information system accounts.

Netsurion Open XDR collects all account management activities generated in the system. Netsurion Open XDR reports provide easy and standard review of all account management activity and can also detect any changes to account management.

AC-3 – Access Enforcement

The information system enforces assigned authorizations for controlling access to the system in accordance with applicable policy.

Netsurion Open XDR collects all access activities generated in the system. Netsurion Open XDR reports provide easy and independent review of access control settings and enforcement.

AC-5 – Separation of Duties

The information system enforces separation of duties through assigned access authorizations.

Netsurion Open XDR collects information from production access control systems to help define role usage requirements, determine attempts to cross role boundaries, and changes to configurations that can affect separation of duties.

AC-6 – Least Privilege

The organization employs the concept of least privilege for specific duties and information systems (including specific ports, protocols, and services) in accordance with risk assessments as necessary to adequately mitigate risk to organizational operations, organizational assets, and individuals.

Netsurion Open XDR monitors activities of both users and systems to assist in determining necessary access, frivolous access, and resource needs of production systems. Review of activities such as network connections, application access, and system logons can help identify appropriate and inappropriate use according to policy.

AC-7 – Unsuccessful Login Attempts

The information system enforces a limit of a specific number of consecutive invalid access attempts by a user within a certain time period. The information system automatically locks the account for a specified time period and delays next login prompt after a set timeframe has expired.

Netsurion Open XDR collects all authentication activities generated in the system. Netsurion Open XDR reports provide easy and standard review of unsuccessful login attempts to systems and applications. Netsurion Open XDR alerts can detect and report on multiple unsuccessful login attempts.

AC-17 – Remote Access

The organization authorizes, monitors, and controls all methods of remote access to the information system.

Netsurion Open XDR collects all account management activities generated in the system. Netsurion Open XDR reports provide easy and standard review of all account management activities.

AC-18 – Wireless Access Restriction

The organization:

  • Establishes usage restrictions and implementation guidance for wireless technologies; and
  • Authorizes, monitors, and controls wireless access to the information system.

Netsurion Open XDR collects all access activities generated in the system. Netsurion Open XDR reports provide easy and independent review of access control settings and enforcement.

AC-19 – Access Control for Portable and Mobile Systems

The organization:

  • Establishes usage restrictions and implementation guidance for organization-controlled portable and mobile devices; and
  • Authorizes, monitors, and controls device access to organizational information systems.

Netsurion Open XDR entity and network definitions allow for correlation and event monitoring based on location relative to the organizational networks, to determine inbound, outbound, and local network traffic. Remote access and usage activities from mobile devices can be monitored by observation of the logs from authentication systems, security systems and production servers.

AC-20 – Personally Owned Information Systems/Use of External Information Systems

The organization establishes terms and conditions for authorized individuals to:

  • Access the information system from an external information system; and
  • Process, store, and/or transmit organization-controlled information using an external information system.

Netsurion Open XDR collects remote access activities generated in the system. Netsurion Open XDR analysis facilities and reports provide easy and independent review of external access to information systems.

Audit and Accountability

AU-4 – Audit Storage Capacity

The organization allocates sufficient audit record storage capacity and configures auditing to reduce the likelihood of such capacity being exceeded.

Netsurion Open XDR provides central, secure, and independent audit log storage. Netsurion Open XDR’s high compression of the data (> 80%) ensures extensible storage of audit log data and ensures capacity will not be exceeded.

AU-5 – Response to Audit Processing Failures

The information system alerts designated organizational officials in the event of an audit processing failure.

Netsurion Open XDR provides support for NIST 800-53 control enhancement AU-5:

  • By completely automating the process of centrally collecting and retaining all audit log messages. Netsurion Open XDR core functionality provides alerting for audit storage overutilization. Netsurion Open XDR also provides direct support for NIST 800-53 control enhancement AU-5.
  • By collecting and analyzing audit processing failure logs. Netsurion Open XDR provides alerting on processing failure activity including audit log clearing, audit logging stoppage, and failed audit log writes. Netsurion Open XDR investigations, reports, and details provide evidence of audit processing failure activity including audit log clearing, audit logging stoppage, and failed audit log writes.

AU-6 – Audit Monitoring, Analysis, and Reporting

The organization regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate officials, and takes necessary actions.

Netsurion Open XDR provides centralized monitoring, analysis, and reporting of audit activity across the entire IT infrastructure. Netsurion Open XDR automates the process of identifying high-risk activity and prioritizes based on asset risk. High-risk activity can be monitored in real time or alerted on. Netsurion Open XDR reports provide easy and standard review of inappropriate, unusual, and suspicious activity.

AU-7 – Audit Reduction and Report Generation

The information system provides an audit reduction and report generation capability.

Netsurion Open XDR policy-based log processing capabilities provide automatic audit log reduction. “Interesting” audit logs can be forwarded as events for immediate monitoring and/or alerting. “Uninteresting” audit logs can be filtered out and/or retained at an archive-only level. Netsurion Open XDR analysis and reporting facilities provide aggregated views of audit data, providing further audit reduction. Netsurion Open XDR provides extensive report generation capabilities.

AU-8 – Time Stamps

The information system provides time stamps for use in audit record generation.

Netsurion Open XDR collects all user access event logs in real time and retains the date and time stamp at which they occurred.

AU-9 – Protection of Audit Information

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Netsurion Open XDR provides central and secure storage of all audit log data.

AU-11 – Audit Retention

The organization retains audit records for an appropriate time period to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

Netsurion Open XDR completely automates the process and requirement of collecting and retaining audit logs. Netsurion Open XDR retains logs in compressed archive files for easy-to-manage, long-term storage. Log archives can be restored quickly and easily months or years later in support of after-the-fact investigations.

AU-13 – Monitoring for Information Disclosure

The organization monitors open source information for evidence of unauthorized exfiltration or disclosure of organizational information.

Netsurion Open XDR provides support for NIST 800-53 control requirement AU-13 by utilizing the Windows System Monitor feature. Netsurion Open XDR independently monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running. It also monitors and logs the transmission of files to an external storage device. It can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

Security Assessment and Authorization

CA-2 – Security Assessments

The organization conducts an assessment of the security controls in the information system periodically to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Netsurion Open XDR’s log analysis and reporting capabilities can be leveraged during a security assessment to help ensure implemented controls are functioning as intended and to potentially identify any weaknesses.

CA-3 – Information System Connections

The organization authorizes all connections from the information system to other information systems outside of the accreditation boundary through the use of system connection agreements and monitors/controls the system connections on an ongoing basis.

Netsurion Open XDR can collect network device logs, and Netsurion Open XDR’s Network Connection Monitoring feature identifies the network connections established. Netsurion Open XDR’s analysis and reporting capabilities can be used for reviewing network activity to ensure only authorized communications occur. Netsurion Open XDR alerts can be used for detecting unauthorized communications.

CA-7 – Continuous Monitoring

The organization monitors the security controls in the information system on an ongoing basis.

Netsurion Open XDR monitoring, analysis, and reporting capabilities provide for continuous monitoring of specific controls across the IT infrastructure. For instance, Netsurion Open XDR alerts can detect the use of restricted accounts.

Configuration Management

CM-3 – Configuration Change Control

The organization audits activities associated with configuration-controlled changes to the system.

Netsurion Open XDR provides support for NIST 800-53 control requirement CM-3 by collecting and analyzing all configuration change logs. Netsurion Open XDR provides alerting on configuration/policy changes on critical systems. Netsurion Open XDR investigations, reports, and details provide evidence of configuration/policy changes.

CM-4 – Monitoring Configuration Changes

The organization monitors changes to the information system, conducting security impact analyses to determine the effects of the changes.

Netsurion Open XDR monitoring capability can be used to detect the following changes to the file system:

  • Additions
  • Deletions
  • Modifications
  • Permissions

Netsurion Open XDR analysis & reporting capabilities can be used for monitoring configuration changes. Netsurion Open XDR alerting can be utilized to detect and notify of changes to specific configurations.

CM-5 – Access Restrictions for Change

The organization:

  • Approves individual access privileges and enforces physical and logical access restrictions associated with changes to the information system; and
  • Generates, retains, and reviews records reflecting all such changes.

Netsurion Open XDR collects all access activity and changes to access controls. Netsurion Open XDR reports provide easy and independent review of access control settings and enforcement.

CM-6 – Configuration Settings

The organization monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.

Netsurion Open XDR provides support for NIST 800-53 control requirement CM-6 by collecting and analyzing all configuration change logs. Netsurion Open XDR provides alerting on configuration/policy changes on critical systems. Netsurion Open XDR investigations, reports, and details provide evidence of configuration/policy changes.

CM-11 – User Installed Software

The organization enforces explicit rules governing the installation of software by users.

Netsurion Open XDR monitoring, analysis, and reporting capabilities provide for continuous monitoring of specific controls across the IT infrastructure. For instance, Netsurion Open XDR alerts can detect the use of restricted accounts.

Contingency Planning

CP-9 – Information System Backup

The organization:

  • Conducts backups of user-level information contained in the information system
  • Conducts backups of system-level information contained in the information system
  • Conducts backups of information system documentation including security related documentation

Netsurion Open XDR provides support for NIST 800-53 control requirement CP-9 by collecting and analyzing all software backup logs. Netsurion Open XDR provides alerting on backup failures. Netsurion Open XDR investigations, reports, and details provide evidence of backup failures/success.

Identification and Authentication

IA-2 – Identification and Authentication (Organizational Users)

The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Netsurion Open XDR provides support for NIST 800-53 control requirement IA-2 by collecting and analyzing all authentication logs. Netsurion Open XDR provides alerting on authentication failures. Netsurion Open XDR investigations, reports, and details provide evidence of all account authentication activity.

IA-3 – Device Identification and Authentication

The information system uniquely identifies and authenticates before establishing a connection.

Netsurion Open XDR provides support for NIST 800-53 control requirement IA-3 by collecting and analyzing all authentication logs. Netsurion Open XDR provides alerting on vendor default account authentications. Netsurion Open XDR investigations, reports, and details provide evidence of all account authentication activity including those from vendor default accounts.

IA-8 – Identification and Authentication (Non-Organizational Users)

The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).

Netsurion Open XDR provides support for NIST 800-53 control requirement IA-8 by collecting and analyzing all authentication logs. Netsurion Open XDR provides alerting on vendor or 3rd party account authentication failures. Netsurion Open XDR investigations, reports, and details provide evidence of all account authentication activity including those from vendor or 3rd party accounts.

Incident Response

IR-4 – Incident Handling

The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.

Netsurion Open XDR provides support for NIST 800-53 control enhancement IR-4 by detecting and notifying individuals of activity that may constitute an incident. Netsurion Open XDR’s analysis capabilities provide quick and easy analysis of activity to determine the incidents. Netsurion Open XDR provides correlation, pattern recognition, and behavioral analysis. Netsurion Open XDR’s integrated knowledge base provides information useful in responding to and resolving the incident.

IR-5 – Incident Monitoring

The organization tracks and documents information system security incidents.

Netsurion Open XDR provides direct support for NIST 800-53 control requirement IR-5 by providing security incident tracking and documentation through the Open XDR management interface.

IR-6 – Incident Reporting

The organization promptly reports incident information to appropriate authorities.

Netsurion Open XDR notification capabilities can route alerts to the appropriate individual based on group membership or relationship to the impacted system. Netsurion Open XDR reports provide summary and detail-level reporting of incident-based alerts.

IR-7 – Incident Response Assistance

The organization provides an incident response support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents. The support resource is an integral part of the organization’s incident response capability.

Netsurion Open XDR integrated knowledge base provides information useful in responding to and resolving incidents.

Maintenance

MA-2 – Controlled Maintenance

The organization checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions.

Netsurion Open XDR provides support for NIST 800-53 control requirement MA-2 by collecting and analyzing all error logs. Netsurion Open XDR provides alerting on critical maintenance errors. Netsurion Open XDR investigations, reports, and details provide evidence of critical errors, process shutdowns, and system shutdowns which occur after maintenance.

MA-4 – Remote Maintenance

The organization authorizes, monitors, and controls any remotely executed maintenance and diagnostic activities, if employed.

Netsurion Open XDR can identify maintenance-related activity for analysis and/or reporting. Netsurion Open XDR reports provide easy review of remotely executed maintenance activity.

MA-5 – Maintenance Personnel

The organization allows only authorized personnel to perform maintenance on the information system.

Netsurion Open XDR can identify maintenance-related activity for analysis and/or reporting. Netsurion Open XDR reports provide easy review of maintenance activity.

Media Protection

MP-2 – Media Access

The organization restricts access to organization-defined types of digital and non-digital media to organization-defined list of authorized individuals using organization-defined security measures.

Netsurion Open XDR provides support for NIST 800-53 control requirement MP-2 by utilizing the Windows System Monitor feature. Netsurion Open XDR monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running, and also monitors and logs the transmission of files to an external storage device. Netsurion Open XDR can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

Physical and Environmental Protection

PE-3 – Physical Access Control

The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Netsurion Open XDR provides support for NIST 800-53 control requirement PE-3 by collecting log messages from physical access devices (i.e., Card Key) at all physical access points. Netsurion Open XDR provides alerting on suspicious physical access. Netsurion Open XDR investigations, reports, and details provide evidence of physical access failures/successes.

PE-5 – Access Control for Output Devices

The organization controls physical access to information system output devices to prevent unauthorized individuals from obtaining the output.

Netsurion Open XDR provides support for NIST 800-53 control requirement MP-2 by utilizing the Windows System Monitor feature. Netsurion Open XDR monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running, and also monitors and logs the transmission of files to an external storage device. Netsurion Open XDR can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

PE-6 – Monitoring Physical Access

The organization monitors physical access to the information system to detect and respond to physical security incidents.

Netsurion Open XDR can collect log messages from physical access devices (i.e., Card Key) for analysis and reporting.

Personnel Security

PS-4 – Personnel Termination

The organization, upon termination of individual employment, terminates information system access, conducts exit interviews, retrieves all organizational information system related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on organizational information systems.

Netsurion Open XDR reports provide easy review of terminated personnel to ensure access rights have been removed. Netsurion Open XDR alerts can be used to detect usage of user accounts that should have been terminated.

PS-5 – Personnel Transfer

The organization reviews information systems/facilities access authorizations when personnel are reassigned or transferred to other positions within the organization and initiates appropriate actions.

Netsurion Open XDR reports provide easy review of transferred personnel to ensure access rights have been terminated and/or appropriately modified.

PS-7 – Third-Party Personnel Security

The organization monitors provider compliance.

Netsurion Open XDR provides support for NIST 800-53 control requirement PS-7 by collecting both physical and logical access control log messages. Netsurion Open XDR investigations, reports, and details provide evidence of revocation of cyber/physical access including access revocation, account deletion/modification, account disabling, and account locking for 3rd parties.

Risk Assessment

RA-5 – Vulnerability Scanning

The organization:

  • Scans for vulnerabilities in the information system and hosted applications and when new vulnerabilities potentially affecting the system/applications are identified and reported.
  • Analyzes vulnerability scan reports and results from security control assessments.

Netsurion Open XDR provides support for NIST 800-53 control requirement RA-5 by collecting vulnerability detection log messages. Netsurion Open XDR provides alerting on high-risk vulnerabilities. Netsurion Open XDR investigations, reports, and details provide evidence of security vulnerabilities from vulnerability detection systems.

System and Communications Protection

SC-5 – Denial of Service Protection

The information system protects against or limits the effects of the following types of denial of service attacks (organization-defined list of types of denial of service attacks or reference to source for current list).

Netsurion Open XDR provides support for NIST 800-53 control requirement SC-5 by providing central collection and monitoring of security log messages. Netsurion Open XDR provides alerting on security events such as any out-of-the-ordinary behavior in the environment. Netsurion Open XDR investigations, reports, and details provide evidence of security events.

SC-7 – Boundary Protection

The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system.

Netsurion Open XDR can collect boundary device logs from routers, firewalls, VPN servers, etc. Netsurion Open XDR can alert on unauthorized or suspicious activity. Netsurion Open XDR reports provide a consolidated review of internal/external boundary activity and threats.

SC-15 – Collaborative Protection

The information system prohibits remote activation of collaborative computing mechanisms and provides an explicit indication of use to the local users.

Netsurion Open XDR will be able to identify, report, and/or alert on the initiation of specific collaborative computing activity.

SC-18 – Mobile Code

The organization:

  • Establishes usage restrictions and implementation guidance for mobile code technologies based on the potential to cause damage to the information system if used maliciously.
  • Authorizes, monitors, and controls the use of mobile code within the information system.

Netsurion Open XDR will be able to identify, report, and/or alert on specific mobile code activity.

SC-19 – Voice over Internet Protocol

The organization:

  • Establishes usage restrictions and implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously.
  • Authorizes, monitors, and controls the use of VoIP within the information system.

Netsurion Open XDR will be able to identify, report, and/or alert on specific VoIP activity.

SC-28 – Protection of Information at Rest

The information system protects the confidentiality and integrity of information at rest.

Netsurion Open XDR provides supplemental support for NIST 800-53 control requirement SC-28 by providing details of changes to information at rest. Netsurion Open XDR can be configured to monitor system file or directory activity, deletions, modifications, and permission changes.

System and Information Integrity

SI-2 – Flaw Remediation

The organization identifies, reports, and corrects information system flaws.

Netsurion Open XDR provides support for NIST 800-53 control requirement SI-2 by collecting and analyzing all error logs. Netsurion Open XDR provides alerting on critical errors caused by flaws. Netsurion Open XDR investigations, reports, and details provide evidence of critical errors, process shutdowns, and system shutdowns caused by system flaws.

SI-3 – Malicious Code Protection

The organization:

  • Employs malicious code protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code:
    – Transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means; or
    – Inserted through the exploitation of information system vulnerabilities;
  • Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;
  • Configures malicious code protection mechanisms to:
    – Perform periodic scans of the information system and real-time scans of files from external sources as the files are downloaded, opened, or executed in accordance with organizational security policy
    – Block malicious code; quarantine malicious code; send alert to administrator in response to malicious code detection

Netsurion Open XDR provides support for NIST 800-53 control requirement SI-3 by collecting log messages from antivirus software and other anti-malware tools. Netsurion Open XDR provides alerting on antivirus critical/error conditions, malware infections, and signature update failures. Netsurion Open XDR investigations, reports, and details provide evidence of antivirus activity, malware infections, and signature update failures/successes. Netsurion Open XDR independently monitors and logs the connection and disconnection of external data devices to the host computer where the Agent is running. It also monitors and logs the transmission of files to an external storage device. It can be configured to protect against external data device connections by ejecting specified devices upon detection. External USB drive storage devices include Flash/RAM drives and CD/DVD drives.

SI-4 – Information System Monitoring

Information system monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, audit record monitoring software, network monitoring software).

Monitoring devices are strategically deployed within the information system to collect essential information. Monitoring devices are also deployed at ad hoc locations within the system to track specific transactions. Additionally, these devices are used to track the impact of security changes to the information system.

Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion-related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application, and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion Open XDR’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion Open XDR’s Investigator provides deep forensic analysis of intrusion-related activity. Netsurion Open XDR’s integrated knowledge base provides information and references useful in responding to and resolving intrusions.

SI-5 – Security Alerts and Advisories

The organization receives information system security alerts/advisories on a regular basis, issues alerts/advisories to appropriate personnel, and takes appropriate actions in response.

Netsurion Open XDR can alert on specific intrusion-related activity. Users can be notified based on department or role. Netsurion Open XDR’s integrated knowledge base provides information and references useful in responding to and resolving intrusions.

SI-7 – Software and Information Integrity

The information system detects and protects against unauthorized changes to software and information.

Netsurion Open XDR monitoring capability can be used to detect the following changes to the file system:

  • Additions
  • Deletions
  • Modifications
  • Permissions

This capability can be used to detect unauthorized changes to software and information.

SI-8 – Spam Protection

The organization employs spam protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and take action on unsolicited messages transported by electronic mail, electronic mail attachments, web accesses, or other common means.

Netsurion Open XDR provides support for NIST 800-53 control requirement SI-8 by collecting and analyzing SPAM logs. Netsurion Open XDR investigations, reports, and details provide evidence of SPAM protection activity.

SI-11 – Error Handling

The information system identifies potentially security-relevant error conditions.

Netsurion Open XDR provides support for NIST 800-53 control requirement SI-11 by collecting and analyzing all error logs. Netsurion Open XDR provides alerting on security-related critical errors. Netsurion Open XDR investigations, reports, and details provide evidence of security-related errors, process shutdowns, and system shutdowns.