Cybersecurity Framework Audit Dashboards

by Cody Dumont
March 4, 2014

SecurityCenter and Nessus check compliance status using audit files.  Because the results of those audit files carry references to other standards, SecurityCenter can report compliance status against the Cybersecurity Framework from compliance data that has already been collected, without a new scan.  This dashboard provides two views of that data.  One view uses ratio bars showing the proportion of checks in each result status.  The other view shows a matrix of compliance check status.

The audit files used when conducting compliance scans can serve more than one type of compliance verification.  A clear case in point is the new Cybersecurity Framework (CSF) developed by NIST.  The details for CSF can be found at http://www.nist.gov/cyberframework.

For each subcategory in the Framework Core, NIST provides informative references to other standards such as NIST SP 800-53, COBIT 5, and ISO/IEC 27001.  Audit files created or modified after July 2013 carry cross-references to these same standards, so security professionals and auditors can use data already collected with those audit files to begin validating compliance with CSF, giving SecurityCenter customers a head start on the analysis.
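To make the cross-walk concrete, here is an added Python sketch of what the dashboard components do behind the scenes; it is illustrative code written for this page, not SecurityCenter's own logic or a Tenable tool.  It assumes a results record with an .audit-style "reference" field ("STANDARD|ID", comma separated), a small CSF-to-800-53 crosswalk that is given here as an assumed excerpt of the Framework Core's informative references, and a handful of constructed compliance results.  It groups checks by CSF Function, counts them per status (the matrix view) and computes the pass ratio (the ratio bar view), and it also lists the checks that map to nothing, which the dashboard would otherwise silently omit.

```python
from collections import defaultdict

# Partial crosswalk from CSF subcategories to NIST SP 800-53 Rev. 4 controls.
# These entries are assumed here as an excerpt of the Framework Core's
# informative references; verify each against the published Core before use.
# A bare family name ("IA", "AU") matches every control in that family.
CSF_TO_80053 = {
    "ID.AM-1": ["CM-8"],                   # physical devices inventoried
    "ID.RA-1": ["RA-5", "SI-2", "CA-7"],   # asset vulnerabilities identified
    "PR.AC-1": ["AC-2", "IA"],             # identities and credentials managed
    "PR.IP-1": ["CM-2", "CM-6", "CM-7"],   # baseline configuration maintained
    "PR.PT-1": ["AU"],                     # audit/log records maintained
    "DE.CM-8": ["RA-5"],                   # vulnerability scans performed
}

# Constructed sample compliance results (hosts and check names are made up).
# "reference" follows the .audit reference attribute: STANDARD|ID, comma separated.
SAMPLE_RESULTS = [
    {"host": "10.0.0.5", "check": "Account management enabled", "status": "PASSED",
     "reference": "800-53|AC-2,800-53|IA-4"},
    {"host": "10.0.0.5", "check": "Audit record generation", "status": "FAILED",
     "reference": "800-53|AU-12"},
    {"host": "10.0.0.7", "check": "Vulnerability scanning configured", "status": "PASSED",
     "reference": "800-53|RA-5"},
    {"host": "10.0.0.7", "check": "Hardware inventory current", "status": "WARNING",
     "reference": "800-53|CM-8"},
    {"host": "10.0.0.9", "check": "Configuration settings enforced", "status": "FAILED",
     "reference": "800-53|CM-6,800-53|CM-7"},
    {"host": "10.0.0.9", "check": "Boundary protection", "status": "PASSED",
     "reference": "800-53|SC-7"},          # no entry in the partial crosswalk
    {"host": "10.0.0.9", "check": "Account management enabled", "status": "ERROR",
     "reference": "800-53|AC-2"},          # scan error, not a compliance result
]

COUNTED_STATUSES = ("PASSED", "FAILED", "WARNING")


def parse_references(reference):
    """Split '800-53|AC-2,800-53|IA-4' into [("800-53", "AC-2"), ("800-53", "IA-4")]."""
    pairs = []
    for token in reference.split(","):
        if "|" in token:
            standard, ident = token.split("|", 1)
            pairs.append((standard.strip(), ident.strip()))
    return pairs


def control_family(control_id):
    """'AC-2' -> 'AC'; 'IA-5(1)' -> 'IA'."""
    return control_id.split("-", 1)[0].strip()


def csf_subcategories(reference, crosswalk=CSF_TO_80053):
    """CSF subcategories whose informative references include any 800-53
    control (or whole control family) named in the reference string."""
    controls = {ident for std, ident in parse_references(reference) if std == "800-53"}
    families = {control_family(c) for c in controls}
    return {
        subcat
        for subcat, refs in crosswalk.items()
        if any(ref in controls or ref in families for ref in refs)
    }


def csf_functions(reference, crosswalk=CSF_TO_80053):
    """Collapse subcategories to their Function: 'PR.AC-1' -> 'PR'."""
    return {subcat.split(".", 1)[0] for subcat in csf_subcategories(reference, crosswalk)}


def csf_status_matrix(results, crosswalk=CSF_TO_80053):
    """Count results per CSF Function and status (the dashboard's matrix view).
    A result counts once per Function even if it maps to several subcategories."""
    matrix = defaultdict(lambda: dict.fromkeys(COUNTED_STATUSES, 0))
    for result in results:
        status = result["status"].upper()
        if status not in COUNTED_STATUSES:
            continue  # ERROR and similar do not contribute to the ratio
        for function in csf_functions(result["reference"], crosswalk):
            matrix[function][status] += 1
    return dict(matrix)


def csf_pass_ratio(matrix):
    """Fraction of counted checks that PASSED per Function (the ratio bar view)."""
    ratios = {}
    for function, counts in matrix.items():
        total = sum(counts.values())
        ratios[function] = counts["PASSED"] / total if total else 0.0
    return ratios


def unmapped_checks(results, crosswalk=CSF_TO_80053):
    """Checks whose references hit no crosswalk entry: they are invisible to the
    dashboard, so a high pass ratio says nothing about them."""
    return [r["check"] for r in results if not csf_functions(r["reference"], crosswalk)]


if __name__ == "__main__":
    matrix = csf_status_matrix(SAMPLE_RESULTS)
    for function, ratio in sorted(csf_pass_ratio(matrix).items()):
        print(f"{function}: {ratio:.0%} passed  {matrix[function]}")
    print("unmapped:", unmapped_checks(SAMPLE_RESULTS))
```

Two points worth keeping in mind when reading the real dashboard the same way: a check that maps to no CSF subcategory drops out of every ratio, which is why results from audit files that predate the cross-references (before July 2013) simply do not appear, and WARNING results count against the pass ratio here because they need manual review rather than being treated as a pass.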

How Tenable products can help your organization meet the guidelines of the Cybersecurity Framework is discussed in the whitepaper Vulnerability Management and Risk Assessment for the Cybersecurity Framework.

The dashboard and its components are available in the SecurityCenter 4.7 Dashboard app feed, an app store of dashboards, reports, and assets.  The dashboard requirements are:

  • SecurityCenter 4.7.1
  • Nessus 5.2.5
  • Updated Audit Files from the Support Portal (Release date after 1 July 2013)

This dashboard is available in the app feed in three formats: the combined dashboard with both ratio and icon based components, a dashboard with only the ratio components, and a dashboard with only the icon based components.  The titles of the three dashboards are:

  • Cybersecurity Framework Audit Summary – The combined dashboard.
  • Cybersecurity Framework Audit Check Result Ratio – The dashboard with ratio based components.
  • Cybersecurity Framework Audit Check Status – The dashboard with icon based components.

These dashboards provide coverage for the following CSF functions:

Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.  The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.  The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.  The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.  The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.