National Industrial Security Program Operating Manual (NISPOM)
Protection of Classified Data and Information in Government Agencies and Private Contracting Organizations through Network Security Assurance
The audit capability requirements in Chapter 8 of the National Industrial Security Program Operating Manual (NISPOM) are of interest to government agencies and private contractors whose staff have access to classified data. According to Section 8-602 of NISPOM, this includes “…recognizing, recording, storing and analyzing information related to security-relevant activities.” The audit records are used to determine which activities occurred and which user or process was responsible for them.
The functionality of the WhatsUp Log Management solution has a direct impact on the audit capability of government agencies and contractors. The following examples illustrate some of the ways in which WhatsUp capabilities fulfill requirements under NISPOM. A more detailed analysis will depend on the type of information, security architecture and processes of the organization that needs to comply with NISPOM requirements.
NISPOM Requirement: Automated Audit Trail Creation
WhatsUp Event Archiver and WhatsUp Event Alarm provide the capability for collection, analysis and secure storage of complete Windows event log and Syslog data, including data from security and application event sources. This data is a goldmine for auditors, as it provides comprehensive information on the date, time and user credentials used in accessing security-relevant resources.
NISPOM Requirement: Automated Audit Trail Protection
Event log data maintained in Event Archiver is protected through MD5 cryptographic hashing. Any event log file may be compared against its hash to verify that it has not been compromised. Further, all compliance-related files can be put under verbose event log messaging, so that every user action in relation to them is recorded.
NISPOM Requirement: Individual Accountability
WhatsUp Log Management solutions are able to extract and present user-identifiable information relating to access to security-relevant resources.
NISPOM Requirement: Automated Audit Trail Analysis and Preventive Action
WhatsUp Event Analyst makes the logged and centrally stored data easily searchable and auditable through automated analysis and scheduled reporting. For example, it can provide accurate reporting on all logon success or failure events for all sensitive files and network resources, as well as on changes to any user and group privileges.