Monitoring Splunk

Preparing for a Risk Management Framework (RMF) authorization, what RMF controls does Splunk support?

markh_colorado
Engager

We are preparing for an RMF authorization in a few months. What controls does Splunk support?

Thanks.


chaoslodge
Explorer

While I have not found anything that can be considered an exhaustive and authoritative list, I did find a July 2017 document from Splunk called "Splunk for RMF - Operationalizing Continuous Monitoring". I think you might have to contact whoever your Splunk rep is to get that. It has a list of controls that Splunk can help answer but is by no means complete from my own observation.

My team and I are currently expanding upon this list and mapping Splunk capabilities to controls. The process is a bit tedious as it involves going through each control family and making a decision about each. Your list of controls and how you handle them is subjective to your information system and its CIA as well as any sort of PII or classification overlays.

My methodology on this is to pull a control family at a time into a spreadsheet with the CCI description, Implementation Guidance and Assessment Procedures all included in the row for each of the CCIs associated with the controls. I then go through them asking myself if Splunk has a direct, indirect or no role to play in meeting the requirements of that CCI. From there we have a punch list of items to use as requirements as we tune Splunk and create reports etc. to meet them.

swagner1965
Path Finder

Following up. This has worked really well for us. I am now in the process of running down evidentiary artifacts in the form of either reports or creating searches to show auditors. .conf files and the stanzas inside of them are one of the things we are looking at to show our configurations are in line with the RMF controls.

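The .conf-stanza evidence described in the follow-up above, as an added Python example that is not code from this thread or from Splunk: it parses a constructed indexes.conf, resolves [default]-stanza inheritance the way Splunk does within one file, and emits a PASS/FAIL evidence row per index against an assumed one-year retention floor. The frozenTimePeriodInSecs setting and its 6-year shipped default are real Splunk values; the mapping to AU-11 and the retention threshold are assumptions, and the CCI ids come from your own control spreadsheet.

```python
from typing import Dict, Optional

def parse_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse Splunk-style .conf text ([stanza] headers, key = value lines,
    '#' comments). Keys are case-sensitive, so configparser is avoided."""
    stanzas: Dict[str, Dict[str, str]] = {}
    current = "default"  # lines above the first header belong to [default]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, _, value = line.partition("=")
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def effective(conf: Dict[str, Dict[str, str]], stanza: str, key: str) -> Optional[str]:
    """Resolve a setting within one file as Splunk does: the stanza's own value,
    else the file's [default] stanza."""
    return conf.get(stanza, {}).get(key, conf.get("default", {}).get(key))
# Constructed indexes.conf: 'main' keeps 90 days; 'security' inherits the
# file-level default of 188697600 s (6 years, Splunk's shipped default).
INDEXES_CONF = """
[default]
frozenTimePeriodInSecs = 188697600
[main]
homePath = $SPLUNK_DB/defaultdb/db
frozenTimePeriodInSecs = 7776000
[security]
homePath = $SPLUNK_DB/security/db
"""

MIN_RETENTION_SECS = 365 * 24 * 3600  # assumed local policy: retain one year
def retention_evidence(conf_text: str = INDEXES_CONF) -> Dict[str, Dict[str, str]]:
    """One evidence row per index for the audit-retention control (AU-11 is an
    illustrative mapping; substitute the CCIs from your own control list)."""
    conf = parse_conf(conf_text)
    rows = {}
    for stanza in conf:
        if stanza == "default":
            continue
        secs = int(effective(conf, stanza, "frozenTimePeriodInSecs") or 0)
        rows[stanza] = {"control": "AU-11",
                        "setting": f"indexes.conf [{stanza}] frozenTimePeriodInSecs={secs}",
                        "status": "PASS" if secs >= MIN_RETENTION_SECS else "FAIL"}
    return rows
```

Running it against a real $SPLUNK_HOME/etc/system/local/indexes.conf (or the btool-merged output) gives a row per index that can be pasted straight into the evidence column of the control spreadsheet.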