Monitoring Splunk

Preparing for a Risk Management Framework (RMF) authorization, what RMF controls does Splunk support?

markh_colorado
Engager

We are preparing for an RMF authorization in a few months. What controls does Splunk support?

Thanks.

chaoslodge
Explorer

While I have not found anything that can be considered an exhaustive and authoritative list, I did find a July 2017 document from Splunk called "Splunk for RMF - Operationalizing Continuous Monitoring". I think you might have to contact whoever your Splunk rep is to get that. It has a list of controls that Splunk can help answer, but it is by no means complete from my own observation.

My team and I are currently expanding upon this list and mapping Splunk capabilities to controls. The process is a bit tedious as it involves going through each control family and making a decision about each. Your list of controls and how you handle them is subjective to your information system and its CIA as well as any sort of PII or classification overlays.

My methodology on this is to pull a control family at a time into a spreadsheet with the CCI description, Implementation Guidance and Assessment Procedures all included in the row for each of the CCIs associated with the controls. I then go through them asking myself if Splunk has a direct, indirect or no role to play in meeting the requirements of that CCI. From there we have a punch list of items to use as requirements as we tune Splunk and create reports etc. to meet them.

swagner1965
Path Finder

Following up. This has worked really well for us. I am now in the process of running down evidentiary artifacts in the form of either reports or creating searches to show auditors. .conf files and the stanzas inside of them are one of the things we are looking at to show our configurations are in line with the RMF controls.

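One way to turn the .conf-stanza evidence idea above and the direct/indirect/none punch list from the earlier reply into a repeatable check, as an added example that is not from this thread or from Splunk: a Python script that parses a Splunk-style .conf file, records for each selected setting which control it is assumed to support, and reports whether the value meets a threshold. The authentication.conf content is constructed, and the control mapping and thresholds are this example's assumptions rather than an authoritative RMF mapping.

```python
import configparser
from dataclasses import dataclass
# Constructed sample of a Splunk authentication.conf password-policy stanza
SAMPLE_CONF = """\
[splunk_auth]
minPasswordLength = 8
lockoutUsers = true
lockoutAttempts = 5
lockoutThresholdMins = 15
expirePasswordDays = 180
"""

# Assumed mapping for this example: (stanza, key) -> (control, expectation, check)
CHECKS = {
    ("splunk_auth", "minPasswordLength"): ("IA-5", ">= 15", lambda v: int(v) >= 15),
    ("splunk_auth", "lockoutUsers"): ("AC-7", "true", lambda v: v.lower() == "true"),
    ("splunk_auth", "lockoutAttempts"): ("AC-7", "<= 3", lambda v: int(v) <= 3),
    ("splunk_auth", "lockoutThresholdMins"): ("AC-7", ">= 15", lambda v: int(v) >= 15),
    ("splunk_auth", "expirePasswordDays"): ("IA-5", "<= 60", lambda v: int(v) <= 60),
}

@dataclass
class Evidence:
    control: str
    stanza: str
    key: str
    value: str     # "" when the setting is absent and Splunk's default applies
    expected: str
    status: str    # "pass", "fail" or "missing"

def evaluate(conf_text):
    # Splunk .conf files are INI-like; interpolation off so '%' in values stays literal
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # Splunk setting names are case-sensitive
    cp.read_string(conf_text)
    rows = []
    for (stanza, key), (control, expected, ok) in CHECKS.items():
        if not cp.has_option(stanza, key):  # also False when the stanza itself is absent
            rows.append(Evidence(control, stanza, key, "", expected, "missing"))
            continue
        value = cp.get(stanza, key).strip()
        rows.append(Evidence(control, stanza, key, value, expected, "pass" if ok(value) else "fail"))
    return rows

def punch_list(rows):
    # Settings still to tune, grouped by control, for the requirements list the thread describes
    out = {}
    for r in rows:
        if r.status != "pass":
            out.setdefault(r.control, []).append(f"{r.stanza}/{r.key}={r.value or '<default>'} (want {r.expected})")
    return out
```

Each Evidence row can be pasted into the control spreadsheet as the artifact for that CCI, and the punch list is the set of stanzas still to change before the assessment.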