NISPOM - National Industrial Security Program Operating Manual
Meeting the Security Audit and Change Management Requirements of NISPOM
The Challenge
The National Industrial Security Program Operating Manual (NISPOM) was established in 1995 by the Department of Defense to preserve the chain of custody over classified information shared between government agencies and their commercial contractors to protect its confidentiality, integrity, and availability.
Chapter 8, "Information Security System," contains requirements governing the effectiveness of IT controls that reduce the risk of compromise while transmitting classified information over an automated information system. Audit logs must be retained for at least one year and protected against unauthorized access. NISPOM security auditing mandates the continuous collection, recognition, storage, recording, and analysis of data associated with security-relevant activities.
The Solution
Sentinel enables government agencies and their contractors to more easily and efficiently manage the chain of custody related to classified information, and provides pertinent information that assists clients in satisfying NISPOM's audit management requirements.
Sentinel's unique iSCALE architecture and in-memory processing support large-scale environments that generate thousands of events per second. The product's Active Views feature delivers real-time dashboard displays of security and compliance posture, and its correlation engine continuously reviews and analyzes system events 24/7, alerting you to potential anomalies. The product's iTRAC workflow management functionality makes it easy to track the response to security incidents from alert through resolution, and provides trend-line reporting on incident response activities.
| NISPOM Audit Category | NISPOM Requirements | Sentinel Solution |
| --- | --- | --- |
| Audit 1(1) Automated Audit Trail Creation | Automate the creation of audit trails or logs; record specific activity characteristics (date, time, system ID, etc.); capture all log-on and log-off attempts; capture all access attempts to security-relevant devices and data; capture changes in user authenticators; track blocking activities with rationale | Sentinel enables automated collection, correlation and reporting of event log data from multi-technology environments including Windows, Unix, Linux, AS400 and mainframe systems. |
| Audit 1(2) Audit Trail Protection | Activity log content is protected against unauthorized access, modification or deletion | Sentinel encrypts the data traversing the application via AES. Once on the back end, native database security functions (in Oracle/SQL) can be leveraged to meet the protection requirements. Sentinel then can monitor privileged users for policy violations. |
| Audit 1(3) Audit Trail Analysis | Audit analysis will be conducted weekly, with all security-relevant activity documented and reported | Sentinel includes both out-of-the-box reports and the ability for users to configure their own reports using Crystal Reports industry-standard tools. Sentinel can also work with any third-party reporting package that can be published on a web server and run against the reporting view of the database. |
| Audit 1(4) Audit Record Retention | System activity audit records covering 12 months must be retained | Sentinel enables the compression and encryption of event data for non-system archiving. |
| Audit 2 Individual Accountability | In addition to Audit 1: Unique identification of each user and association of that identity with all auditable actions taken by that individual [must be accounted for]. Periodic testing by the ISSO or ISSM of the security posture of the IS [is required]. | Sentinel's mapping service provides the ability to cross-reference multiple types of data sets (i.e., vulnerability, asset type, owner, business relevance, etc.) with event data to immediately identify affected resources and enable real-time notification when an attack attempts to exploit a vulnerable system. |
| Audit 3 Automated Audit Analysis | In addition to Audit 2: Audit analysis and reporting using automated tools will be scheduled and performed | See Audit 1 |
| Audit 4 Audit Trail | In addition to Audit 3: An audit trail, created and maintained by the IS, that is capable of recording changes to the mechanism's list of user formal access permissions. | Sentinel monitors the enforcement of proper authentication best practices by validating that appropriate procedures are followed to authenticate all users to the systems, supporting the validity of subsequent transactions. |