Overview
NCUA, the National Credit Union Administration, is an independent federal agency that regulates and supervises federally insured credit unions in the United States. It establishes compliance requirements to ensure the safety and soundness of the credit union system, protect member deposits, and promote consumer protection. Compliance with NCUA regulations is essential for credit unions to maintain the trust and confidence of their members and operate in a secure and responsible manner.
For more information, refer to the NCUA publication: https://ncua.gov/regulation-supervision/regulatory-compliance-resources
Netsurion Managed XDR for NCUA Compliance
Netsurion Managed XDR combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in NCUA compliance. With comprehensive monitoring, analysis, and reporting capabilities organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents.
By partnering with Netsurion, credit unions can enhance their security posture, protect member data, and achieve NCUA compliance. This enables credit unions to demonstrate their commitment to maintaining the highest standards of security, privacy, and member protection.
Using Netsurion Open XDR to meet NCUA Requirements
Access Rights Administration
Control-1: Determine that administrator or root privilege access is appropriately monitored, where appropriate. Management may choose to further categorize types of administrator/root access based upon a risk assessment. Categorizing this type of access can be used to identify and monitor higher-risk administrator and root access requests that should be promptly reported.
Netsurion Open XDR collects all account management and account usage activity. The creation of privileged accounts (i.e., administrator, root) or granting of privileged rights is easily and automatically monitored, alerted and reported on.
Authentication
Control-1: Determine whether access to system administrator level is adequately controlled and monitored.
Netsurion Open XDR collects all account management usage activity. The creation of privileged accounts (i.e., administrator, root) or granting of privileged rights is easily and automatically monitored, alerted and reported on.
Network Security
Control-1: Determine whether logs of security related events and log analysis activities are sufficient to affix accountability for network
activities, as well as support intrusion forensics and IDS. Additionally, determine that adequate clock synchronization takes place.
Netsurion Open XDR can collect logs from network devices, IDS/IPS systems, Anti-Virus, firewalls and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion related activity across the IT Infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application and more. Netsurion Open XDR can be configured to identify known bad hosts and networks.
Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions.
Network Security
Control-2: Determine whether logs of security related events are appropriately secured against unauthorized access, change and deletion for an adequate time period, and that reporting to those logs is adequately protected.
Netsurion Open XDR helps ensure audit trail are protected from unauthorized modification. Netsurion Open XDR collects logs immediately after they are generated and stores them in a secure repository. Netsurion Open XDR servers utilize access controls at the operating system and application level to ensure that log data cannot be modified or deleted.
Netsurion Open XDR completely automates the process of retaining the audit trail. Netsurion Open XDR creates archive files of all collected log entries. These files are organized in a directory structure by day making it easy to store, backup and destroy log archives based on the policy.
Network Security
Control-3: Determine whether remote access devices and network access points for remote equipment are appropriately controlled.
- Remote access is disabled by default, and enabled only by management authorization.
- Management authorization is required for each user who accesses sensitive components or data remotely.
- Authentication is of appropriate strength (e.g., two-factor for sensitive components).
- Modems are authorized, configured and managed to appropriately mitigate risks.
- Appropriate logging and monitoring takes place.
- Remote access devices are appropriately secured and controlled by the institution.
Netsurion Open XDR collects network device logs. Netsurion Open XDR analysis & reporting capabilities can be used for reviewing network activity to ensure only authorized communications occur. Netsurion Open XDR alerts can be used for detecting unauthorized communications. Netsurion Open XDR collects remote access activity for VPN, SSH, etc. EventTracker reports provide easy and independent review of remote access to
information systems.
HOST Security
Control-1: Determine whether access to utilities on the host is appropriately restricted and monitored.
Netsurion Open XDR can collect audit logs reporting on the access and use of utilities on hosts for monitoring and reporting. Additionally, Netsurion’s file integrity monitoring capability can be used to independently detect access and use of utilities.
HOST Security
Control-2: Determine whether the host-based IDSs identified as necessary in the risk assessment are properly installed and configured, that alerts go to appropriate individuals using an out-of-band communications mechanism, and that alerts are followed up.
Netsurion Open XDR can collect logs from IDS/IPS systems. Netsurion Open XDR provides robust alerting and notification capabilities that help ensure alerts are routed to the appropriate individuals. Netsurion Open XDR integrated incident management capabilities provide accountability and reporting on alarm resolution.
HOST Security
Control-3: Determine whether logs are sufficient to affix accountability for host activities and to support intrusion forensics and IDS and are appropriately secured for a sufficient time period.
Netsurion Open XDR helps ensure audit trail are protected from unauthorized modification. Netsurion Open XDR collects logs immediately after they are generated and stores them in a secure repository. Netsurion Open XDR servers utilize access controls at the operating system and application level to ensure that log data cannot be modified or deleted.
Application Security
Control-1: Determine whether appropriate logs are maintained and available to support incident detection and response efforts.
Netsurion Open XDR completely automates the process of retaining your audit trail. Netsurion Open XDR creates archive files of all collected log entries. These files are organized in a directory structure by day making it easy to store, backup and destroy log archives based on your policy. Netsurion Open XDR detects the incident automatically and alerted on.
Software Development and Acquisition
Control-1: Evaluate whether the software acquired incorporates appropriate security controls, audit trails, and activity logs and that appropriate and timely audit trail and log reviews and alerts can take place.
Netsurion Open XDR collects logs from commercial and custom applications. Netsurion Open XDR provides central analysis, reporting, and alerting for application logs.
Security and Monitoring
Control-1: Identify the monitoring performed to identify non-compliance with institution security policies and potential intrusions.
- Review the schematic of the information technology systems for common security monitoring devices.
- Review security procedures for report monitoring to identify unauthorized or unusual activities.
- Review management’s self-assessment and independent testing activities and plans.
Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.
Security and Monitoring
Control-2: Determine whether logs of security related events are sufficient to support security incident detection and response activities, and that logs of application, host and network activity can be readily correlated.
Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.
Security and Monitoring
Control-3: Determine whether logs of security related events are appropriately secured against unauthorized access, change and deletion for an adequate time period, and that reporting to those logs is adequately protected.
Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.
Security and Monitoring
Control-4: Determine whether logs are appropriately centralized and normalized, and that controls are in place and functioning to prevent time gaps in logging.
Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.
Security and Monitoring
Control-5: Determine whether an appropriate process exists to authorize employee access to security monitoring and event management systems and that authentication and authorization controls appropriately limit access to and control the access of authorized individuals.
Netsurion Open XDR provides centralized secure access to all log data. Netsurion Open XDR leverages application and database level controls to restrict user access to authorized data and functions. Netsurion Open XDR includes discretionary access controls for restricting users to a defined subset of the log data collected.
Security and Monitoring
Control-6: Determine whether appropriate detection capabilities exist related to:
- Network related anomalies, including Blocked outbound traffic
- Unusual communications, including communicating hosts, times of day, protocols and other header related anomalies
- Unusual or malicious packet payloads
- Host-related anomalies, including
- System resource usage and anomalies
- User related anomalies
- Operating and tool configuration anomalies
- File and data integrity problems
- Anti-virus, anti-spyware, and other malware identification alerts
- Unauthorized access
- Privileged access
Netsurion Open XDR can collect logs from hosts, network devices, IDS/IPS systems, Anti-Virus, firewalls and other security devices. Netsurion Open XDR provides central analysis and monitoring of network and host activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion Open XDR alarming capability can be used to independently detect and alert on network and host based anomalies via sophisticated filtering, correlation and threshold violations.