LogRhythm Solutions - Compliance
Your organization faces unique compliance challenges. LogRhythm helps you address them by providing pre-configured compliance automation modules that address many of the most common regulatory frameworks.
FISMA Compliance for Federal Agencies
Navigating FISMA Compliance and Audit Requirements
The Federal Information Security Management Act (FISMA) requires that all federal agencies document and implement controls for information technology systems that support their operations and assets.
9 Steps for FISMA Compliance
The National Institute of Standards and Technology (NIST) outlines nine steps for FISMA compliance:
- Categorize the information to be protected
- Select minimum base controls
- Refine controls using a risk-assessment procedure
- Document the controls in the system security plan
- Implement security controls in the appropriate information systems
- Assess the effectiveness of the security controls once they have been implemented
- Determine the agency-level risk to the mission or business case
- Authorize the information system for processing
- Monitor the security controls on a continuous basis
LogRhythm Simplifies FISMA Compliance
Fully automate log collection, archiving and recovery across your agency’s entire infrastructure with LogRhythm. You’ll have the tools at your fingertips to align your organization’s risk assessment with forensic investigations, reporting and prioritization settings.
To start, the LogRhythm Security Intelligence Platform automatically performs the first level of log analysis. Log data is categorized, identified and normalized for easy analysis and reporting. With LogRhythm’s Case Management feature, you’ll be able to easily conduct forensic investigations around incident response activity.
GPG 13 Compliance for UK-Based Government Agencies
Get the Facts About GPG 13 Compliance
If you’re an HMG organization, you’re required to follow Protective Monitoring for HMG ICT Systems, based on Communications-Electronics Security Group’s Good Practice Guide 13 (GPG 13), to gain access to the UK Government Connect Secure Extranet (GCSX).
Standardizing IT Forensics, Incident Response and Management, and Enterprise Integrity
These guidelines give you an audit trail of relevant security operations related to events on your network. The 12 Protective Monitoring Controls (PMC) within GPG 13 describe specific requirements that you must comply with in everyday practice, as well as in audit situations.
Simplify GPG 13 Audits with LogRhythm
With LogRhythm’s report packages, AI Engine rules, investigations and tails, you’ll directly address control obligations mandated in GPG 13.
You can customize LogRhythm’s GPG 13-specific compliance module and reporting package to your environment. With the GPG 13 Advanced Compliance Suite, you will be empowered to build and maintain a sound compliance program.
With Case Management, you’ll be able to easily conduct forensic investigations around incident response activity.
LogRhythm HIPAA Compliance for Healthcare
Protect Your Patient Records with HIPAA Compliance Automation
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule addresses technical and non-technical safeguards to secure individuals’ “electronic protected health information” (ePHI). To ensure compliance with HIPAA requirements, information systems are monitored using security information and event management (SIEM).
A SIEM provides you with actionable reports and empowers forensic investigations. With this tool in place, you will be able to get immediate notification and analysis of conditions impacting the integrity of your organization’s ePHI data.
Cost-Efficient Log Collection and Analysis
HIPAA requires the collection, management and analysis of log data. But IT environments consist of heterogeneous devices, systems and applications that are all reporting log data, generating millions of log entries daily, if not hourly.
The task of organizing this information and deriving meaning from it can be overwhelming. The additional requirements of investigating and reporting on log data render manual processes or home-grown remedies inadequate and costly.
LogRhythm can help you efficiently meet HIPAA compliance directives for log collection and reporting. Case management also enables you to collect forensic evidence for incident response. You’ll be able to use access restrictions to set up who can view specific types of information.
Proactively Protect ePHI
In addition to delivering continuous HIPAA compliance automation, LogRhythm provides you with the tools you need to proactively protect ePHI so you can quickly detect and respond to breaches.
LogRhythm helps you to meet HIPAA compliance mandates in the following ways:
- Automated Compliance Suite for HIPAA
- Industry-specific embedded expertise for SIEM application
- Multiple automation tools to enforce continuous compliance
- ePHI protection to meet meaningful use requirements through File Integrity Monitoring application
- Custom support for EHR/EMR applications
- Powerful forensics for rapid breach reporting and investigation
- Integrations for third-party auditing applications (e.g. FairWarning)
LogRhythm Support for ISO 27001
ISO (International Organization for Standardization) Standard 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS (Information Security Management System) within the context of the organization’s overall business risks. These published guidelines cover many areas surrounding “access control”, “audit and accountability”, “incident response”, and “system and information integrity”.
The collection, management, and analysis of log data are integral to meeting many ISO 27001 guidelines. The use of LogRhythm directly meets some recommendations and decreases the cost to meet others. IT environments consist of heterogeneous devices, systems, and applications, all reporting log data. Millions of individual log entries can be generated daily, if not hourly. The task of organizing this information can be overwhelming. The additional recommendations for analyzing and reporting on log data render manual processes or homegrown remedies inadequate and cost-prohibitive for many organizations.
LogRhythm collects logs continuously and in real time across the organization’s IT environment. The logs are normalized, analyzed and presented in the LogRhythm Dashboard for real-time review. Alarms are activated on critical events and send immediate, direct notification to administrators. Reports and investigations for compliance are available at all times.
Example Reports:
- System Critical And Error Conditions
- Alarm And Response Activity
- Usage Auditing Activity Summary
LogRhythm NERC CIP Compliance
Automate and Enforce Information Security Regulations for Electric Utilities
The North American Electric Reliability Corporation (NERC) created a framework to protect bulk power systems against cybersecurity compromises that could lead to operational failures or instability.
NERC CIP v5 further addresses cyber-related risks facing this sector by prompting organizations to categorize Bulk Electric Systems (BES) into high, medium and low impact. Once categorized, BES assets can have appropriate Critical Infrastructure Protection (CIP) standards applied to address risk.
Easily Measure NERC CIP Adherence
LogRhythm helps you meet NERC CIP compliance mandates with automation modules for both v3 and v5 to assist your organization in working through the transition period. These modules will streamline your compliance and provide advanced features for monitoring and enforcement, as well as delivering content through reporting packages.
Tailor NERC CIP Enforcement to Fit Your Organization’s Risk Priorities
Easily customize your enforcement of NERC CIP by adjusting alarm priority to align with your at-risk BES components. Quickly prioritize events, gather forensic data and implement remediation efforts to prevent misoperation or instability. Case Management will help you to facilitate your forensic investigations and incident response activities.
Reduce Noise and Focus Your Attention on the Alerts that Matter the Most
LogRhythm’s risk-based priority algorithm applies risk and threat factors to automatically qualify alarms, so your team can spend time working the highest-risk concerns instead of being lost in the weeds.
Achieve NERC CIP Compliance with LogRhythm
- Demonstrate compliance: Ensure that your BES operate within the requirements of applicable policies, legislation and regulations
- Enhanced risk management: LogRhythm provides an essential contribution to the mitigation of risks to the confidentiality, integrity and availability of information assets provided by BES
- Reporting and continuous improvement: LogRhythm contributes to mandatory reporting and process requirements of NERC CIP
- Situational awareness: LogRhythm delivers a real-time feed of information regarding the current status and threats to BES, ensuring incidents are detected, investigated and remediated
- Accountability: LogRhythm ensures that BES are used within the defined parameters and are not used for wasteful or unlawful purposes
- Network defense: LogRhythm enhances your other security countermeasures to provide a complete “defense-in-depth” approach and facilitate automated responses to threats to bulk electric systems
- Adaptability and growth: Our maturity module bridges the gap between the NERC CIP compliance platform and the cybersecurity and threat intelligence components of the LogRhythm Security Intelligence Platform
PCI DSS Compliance
Real-Time Systems Monitoring for Credit Cardholder Transactions
The Payment Card Industry (PCI) Data Security Standards (DSS) were developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. The PCI DSS apply to all organizations that store, process or transmit cardholder data.
Easily Access Information Automatically Correlated with PCI DSS Asset Categories
With the LogRhythm PCI DSS Compliance Suite, you can simplify your investigations with alarms and reports that are automatically associated with the correct PCI DSS asset categories.
Schedule reports for periodic generation and delivery, or generate them on demand. Investigations and alarms will provide your team with immediate notification of activities that impact your organization’s cardholder data systems so you can identify areas of noncompliance in real time.
LogRhythm PCI DSS reporting packages can be customized to give your stakeholders and auditing bodies the specific content they require.
Automate PCI DSS Compliance
LogRhythm makes it easy for you to meet PCI DSS compliance mandates:
- Build and maintain a secure network: Monitor firewalls and network protection systems (e.g., IDS/IPS and UTM) as well as PCI-mandated behavior (e.g., removing default passwords)
- Protect cardholder data: Detect user behavior and configuration changes that may jeopardize the security of cardholder data
- Maintain a vulnerability management program: Monitor anti-malware and vulnerability products for rapid exposure assessment, incident handling and response
- Establish strong access controls: Watch access to cardholder systems and data to identify suspicious behavior
- Monitor and test networks: Establish an automated trail for all system components as mandated by PCI DSS requirements 10.2–10.7
- Enforce an information security policy: Support security best practices for PCI standards
- Support incident response: Case management is a crucial tool to facilitate forensic investigations around incident response activity
- Restrict access to content: Establish access controls within LogRhythm to limit what individuals can see as it relates to log and forensic data
LogRhythm for Sarbanes-Oxley Act (SOX) Compliance
Improve Your Security and SOX Compliance Posture While Reducing Costs
The Sarbanes-Oxley Act requires that all publicly traded companies implement and affirm a framework of internal controls that support accountability and integrity of the financial reporting process. The collection, management and analysis of log data is integral to meeting many SOX requirements.
Meet SOX COSO Requirements with Real-Time System Monitoring
Easily comply with SOX COSO mandates with LogRhythm’s real-time system monitoring. Automate the collection, archiving and recovery of logs across your entire infrastructure.
The LogRhythm Security Intelligence Platform automatically performs log data categorization, identification and normalization to simplify reporting and analysis. Your SOX risk assessments integrate into LogRhythm’s SOX Compliance Module to ensure your at-risk components are prioritized.
With our SOX Compliance Module, you’ll use industry best practices for applications, intrusion detection systems, malware systems, network access control systems, remote access systems, wireless access systems and file integrity monitoring.
Simplify SOX Compliance with Automation and Reporting
Directly meet SOX requirements with LogRhythm SOX reporting packages and automation of log management, review, analysis, alerting, archiving and retrieval. Case Management is a crucial tool to facilitate your forensic investigations around incident response activity.
LogRhythm for Gramm-Leach-Bliley Act (GLBA)
With the click of a mouse, LogRhythm’s pre-configured GLBA report package ensures you meet your reporting requirements.
The Gramm-Leach-Bliley Act (GLBA), also known as The Financial Modernization Act of 1999, was enacted to ensure protection of customers’ records and information. To satisfy the rules and provisions of GLBA, financial institutions are required to perform security risk assessments, develop and implement security solutions that effectively detect, prevent, and allow timely incident response, and perform auditing and monitoring of their security environment.
The collection, management and analysis of log data are integral to meeting many GLBA requirements. LogRhythm directly meets many GLBA requirements and reduces the cost of complying with others, and it features a pre-configured GLBA report package.
Get the facts you need to know about log management and analysis compliance requirements for GLBA and how LogRhythm can help.
LogRhythm provides central monitoring of activity and conditions by collecting log data from hosts, applications, network devices, etc. LogRhythm provides real-time event monitoring, alerting, and reporting on specific activity and conditions.
LogRhythm 201 CMR 17.00 Compliance for Massachusetts
Meet 201 CMR 17.00 Audit Requirements with the LogRhythm Automation Suite
The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was developed to safeguard personal information of residents of the Commonwealth of Massachusetts. This regulation applies to all organizations (companies or persons) that own or license personal information about Massachusetts residents.
To be compliant with 201 CMR 17.00, all affected organizations must develop, implement and maintain an auditable comprehensive written information security program, containing administrative, technical and physical safeguards.
Automate Log Collection, Archiving and Recovery
Improve your organization’s overall security and compliance posture with LogRhythm. You’ll be able to fully automate log collection, archiving and recovery across your entire infrastructure.
The LogRhythm Security Intelligence Platform automatically performs log data categorization, identification and normalization to make analysis and reporting easy. Your analysts will receive notifications to clearly identify the most critical events through powerful alarming capabilities.
LogRhythm’s extensive support for both commercial and custom applications gives you comprehensive and efficient collection, processing, review and reporting of log sources specified in 201 CMR security requirements.
Protect Your Customer Data by Monitoring Information Systems and Applications in Real Time
With AI Engine, alarms, forensic investigations, reporting and tails, your team will get immediate notification and analysis of conditions that impact your organization’s customer data. With this information at your fingertips, you’ll be able to identify areas of non-compliance in real time.
LogRhythm DoDI (Department of Defense Instruction) 8500.2 Compliance
Collect, Archive and Recover Logs Across Your Entire IT Infrastructure
Your entire IT environment can generate millions of individual log entries daily, if not hourly. DoDI 8500.2 recommendations for analyzing and reporting on log data can render manual or homegrown remedies inadequate and cost-prohibitive.
The collection, management and analysis of log data are integral to meeting many DoDI 8500.2 guidelines. With LogRhythm’s Security Intelligence Platform, you’ll meet many of these recommendations directly, while greatly reducing your cost to meet others. LogRhythm delivers log collection, archiving and recovery across your entire IT infrastructure and automates the first level of log analysis.
Analysis and Reporting, Simplified
Because LogRhythm automatically categorizes, identifies and normalizes data, analysis and reporting is easier than ever. In addition, LogRhythm’s powerful alerting empowers your analysts to automatically identify the most critical issues.
With the click of a mouse, or via an automated scheduler, your analysts will be able to pull DoDI 8500.2-specific reports to effectively monitor log data applicable to DoDI control guidelines.
LogRhythm Support for NRC RG 5.71
Gain Comprehensive Log Management and Analysis
Title 10 of the Code of Federal Regulations, Section 73.54 requires that US Nuclear Regulatory Commission (NRC) licensees provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks.
The NRC developed and published Regulatory Guide (RG) 5.71 to cover many areas surrounding access control, audit and accountability, incident response, and system and information integrity.
The LogRhythm Security Intelligence Platform directly meets many requirements for collection, management and analysis of log data that are integral to NRC RG 5.71 guidelines.
Simplify Analysis and Reporting with LogRhythm
LogRhythm makes analysis and reporting easy for your team by categorizing, identifying and normalizing log data for you. Powerful alerting capabilities will identify and notify your team of the most critical issues.
LogRhythm Automation Suite for NIST 800-53 Compliance
Meet NIST 800-53 Compliance Mandates with LogRhythm’s Automation Suite
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 establishes information security standards and guidelines for federal information systems.
NIST 800-53 guides federal agencies in documenting and implementing controls that cover access control, audit and accountability, incident response, and system and information integrity.
Capture, Monitor, Review and Retain Log Data
To be compliant with NIST 800-53, you have to implement and perform procedures to effectively capture, monitor, review and retain log data. With LogRhythm, you can easily do all of this and more. You’ll be able to identify threats and quickly respond with automation and an integrated workflow.
Your team will have powerful alerting that identifies your most critical issues and notifies relevant personnel—without distracting noise.
NIST 800-53 Reporting at Your Fingertips
LogRhythm categorizes, identifies and normalizes all of your log data for easy analysis and reporting. With the click of your mouse, our NIST 800-53 reporting packages will ensure you are meeting the reporting requirements of NIST 800-53 mandates.
LogRhythm Support for NEI 08-09 Rev 6
Automate the Collection and Retention of Logs
Because regulatory guidance is not specifically addressed in 10 CFR 73.54, the Nuclear Energy Institute (NEI) developed and published NEI 08-09 Rev 6 to cover many areas surrounding access control, audit and accountability, incident response, and system and information integrity.
LogRhythm’s policy-based log processing capabilities provide automatic audit log reduction. “Interesting” audit logs can be forwarded as events for immediate monitoring and alerting. “Uninteresting” audit logs can be filtered out and retained at an archive-only level.
LogRhythm completely automates the process and requirements of collecting and retaining audit logs. The Security Intelligence Platform retains logs in compressed archive files for cost-effective, easy-to-manage, long-term storage. Log files can be restored quickly and easily months or years later in support of after-the-fact investigations.
Powerful Analysis and Reporting
Aggregated views of audit data provide you with quick insight. For further audit reduction, LogRhythm provides extensive report-generation capabilities with compliance packages that address individual regulatory mandates.
Directly Comply with NEI 08-09 Rev 6
With LogRhythm, you’ll meet specific NEI 08-09 requirements:
- Collect boundary device logs from IDS/IPS systems, routers, firewalls, VPN, A/V systems and other security devices
- Provide central analysis and monitoring of intrusion-related activity across your entire IT infrastructure
- Correlate activity across user, origin host, impacted host, application, etc.
- Alert on unauthorized or suspicious activity
- Apply risk-based assessments of your environment to prioritize log sources according to risk rating classification
You can also configure LogRhythm to identify known bad hosts and networks. Customize the dashboard for real-time monitoring of events and alerts.
LogRhythm’s Investigator provides deep forensic analysis of intrusion-related activity, and fully automated, pre-packaged reports provide a consolidated review of internal/external boundary activity and threats.
In addition, an integrated knowledge base provides information and references useful in responding to and resolving intrusions. Further, Case Management is a crucial tool to facilitate forensic investigations around incident response activity.