Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

NIST 800-53: Configuration Management

by Stephanie Dunn
January 17, 2017

NIST 800-53: Configuration Management

Network assets are always in a constant state of change, as systems traverse the network, and software is installed or updated. Changes can update critical devices or applications, allow for malicious devices or malware to connect to the network, or leave security gaps in devices that can easily be exploited. Knowing when a change was made to a device, software installed, or when a new system connected to the network can help reduce security risks, and achieve a more compliant state. This dashboard covers key concepts within the NIST 800-53 guide that supports monitoring hardware and software asset changes, and the status of existing security controls.

The National Institute of Standards and Technology (NIST) developed the NIST Special Publication (SP) 800-53 revision 4, “Security and Privacy Controls for Federal Information Systems and Organizations” to provide federal information systems and organizations with security controls and processes to protect against a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors. By integrating these controls, organizations will be able to achieve a more consistent level of security and flexibility that can be customized for use with specific industries, standards, and business requirements, and complement other established information security standards. Data presented within this dashboard aligns with NIST 800-53 controls that support change management policies, monitoring asset inventory, and maintaining control over software installations. This dashboard aligns with the following controls:

  • Configuration Change Control (CM-3)
  • Least Functionality (CM-7)
  • Information Systems Component Inventory (CM-8)
  • User-Installed Software (CM-11)

This dashboard provides an overview of system counts, newly detected MAC addresses, installed software, configuration issues and other changes throughout the network. Having an accurate and up-to-date count of existing assets on the network will assist analysts in preventing unauthorized devices from connecting to the network. Monitoring asset changes will also help security teams to identify blind spots that may have been previously overlooked.

Organizations will be able to keep track of operating systems and software deployments. This information will enable organizations to gain control over software licenses, and reduce unnecessary costs. Information on software installations will highlight unauthorized and unsupported software running on network assets. Audit checks will monitor the status of existing security controls on network assets, and whether the security policies in place are effective. Data will also highlight software or devices with default security configurations that are placing the organization at risk. Monitoring changes across infrastructure devices, user accounts, and software will help to identify and prevent unauthorized modifications that could negatively impact critical systems.

This dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The dashboard requirements are:

  • Tenable.sc 5.4.2
  • Nessus 8.4.0
  • LCE 6.0.0
  • NNM 5.9.0

Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect the organization. Tenable's Tenable.sc Continuous View (CV) is continuously updated with information about advanced threats, zero-day vulnerabilities, and new regulatory compliance data. Active scanning periodically examines systems to determine vulnerabilities and compliance concerns. Agent scanning enables scanning and detection of vulnerabilities on transient and isolated devices. Passive listening collects data to continuously monitor traffic and collect information on asset changes. Host data and data from other security products is analyzed to monitor the network for changes on infrastructure devices, user accounts, and software installations. Tenable.sc CV provides an organization with the most comprehensive view of the network and the intelligence needed to secure and protect assets within the network.

The following components are included within this dashboard:

  • Network Mapping - System Counts: This component presents the counts of systems detected on the network in various categories. The total number of systems is displayed, along with the counts of actively scanned systems detected by Nessus, passively detected systems discovered by NNM, and systems from which LCE obtained logs. For these, percentages of the total system count are displayed. The percentage bar color reflects coverage and will be red for a low percentage of total systems, yellow for a medium percentage, and green for a high percentage. In addition, counts of external-facing systems, systems that clients connect to (servers), admin systems, wireless access points, and web servers are also displayed. For each of these, percentages of the total system count are displayed with black bars. Finally, the count of exploitable systems on the network is displayed, along with a percentage bar displayed in red. Using this matrix, organizations will be able to gain a more complete picture of existing assets and high-valued systems on the network.
  • Discovery Scan - Hosts Per Asset List: The 'Hosts Per Asset List' table component lists the live host counts distributed across Tenable.sc 4 assets. In the screen shot, example network locations with their labels have been uploaded into Tenable.sc 4 and represent physical locations. A retail store could upload their store locations and corresponding network CIDRs.
  • Configuration Management - Top Subnets with New MAC Addresses: This component presents a summary of newly detected MAC addresses per subnet over the last 72 hours. Event data will highlight new MAC addresses from mobile devices, wireless devices, and other devices. Using this information, security teams can drill down and change the filter to “Raw Syslog Events”, which will provide information on the IP and MAC address of the network asset. Security teams can use the information provided to effectively manage current inventory assets, and monitor the network for unauthorized devices.
  • Configuration Management - Detected Software: This matrix presents indicators that detect operating systems, browsers, unsupported, and other software installations on systems within a network. Indicators will turn purple when a match is found, and display a list of detected software. Analysts will find this information useful in tracking software licenses, and identify hosts running unauthorized or malicious software. Additionally, the data provided within this component can be used to monitor systems running unsupported software, which can contain vulnerabilities and place critical systems at risk. Filters within this component can be modified to include additional or specific software per organizational requirements.
  • Compliance Summary - Secure Configuration Compliance Checks: This component presents the results of compliance audits to verify the secure configuration of systems, including least functionality, disabling unnecessary services, and inventory and change control settings. Each row includes the system count, whether scans were performed in the last seven days, and the percentage of checks that passed, failed, or require manual verification. Passed checks are displayed in green, failed checks are in red, and checks that require manual verification are in orange. The count of hosts with failed checks is also given.
  • Compliance Summary - Top Subnets with Compliance Concerns: This table presents the top Class C subnets with the most compliance concerns. High severity indicates compliance failures, and medium severity indicates compliance advisories or checks that must be performed manually. The table is ordered so the subnet with the most compliance concerns is at the top. This information will help an analyst to identify which subnet needs the most attention in terms of compliance.
  • CSF - Top Detected Changes (Last 72 Hours): This table displays the top change events detected on the network in the last 72 hours. The table is sorted so that the changes detected most often are at the top. This table can be used by an analyst to investigate recent network changes and determine if they are appropriate and authorized.
Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.