Any organization seeking to meet NIST compliance requirements needs to show proof of their compliance – Blumira’s SIEM quickly and easily provides the reports you need for certain NIST controls.
The National Institute of Standards and Technology Special Publication (NIST SP) 800-171 is a set of compliance controls and security framework that applies to non-federal agencies that work with government entities. That includes any government contractors and subcontractors. It provides guidance on how to handle and secure Controlled Unclassified Information (CUI).
Organizations are responsible for ensuring their own compliance with NIST by using a third-party firm to conduct an audit. During an audit, the auditor will examine your security systems and measures and compare them to NIST compliance requirements.
Blumira’s SIEM + XDR security platform helps your organization easily meet and exceed NIST 800-171 compliance requirements for logging, monitoring, threat detection and response.
Now, Blumira users can use our pre-built global reports to demonstrate compliance with NIST controls. These reports list out log data collected from your environment through any integrations you have set up with Blumira’s SIEM.
See which Blumira reports map to which NIST 800-171 controls so you can easily hand over pre-built reports to your auditor to prove your compliance. Please note that each report is available for certain integrations, which are listed under each report below:
NIST 800-171 Controls | Blumira Report |
---|---|
NIST 3.1 Access Control 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). |
(NIST) Unauthorized Access Attempts Blumira’s report lists out all failed login attempts, access denied events, etc. over the last 90 days. This verifies proper logging and monitoring of access. Available for: Windows & Linux |
3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. | (NIST) Service Account Access This report lists all service account login events to help you confirm appropriate use of these accounts. Available for: Azure & Windows |
3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. | (NIST) User Entitlement This report shows all user permissions and roles to validate proper access controls and least privilege. Available for: Azure AD, GSuite (Now Google Workspace) & Windows |
3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. | (NIST) Privilege Elevations Blumira's report shows all instances where user privileges were temporarily escalated, such as sudo commands. This verifies proper approval and monitoring. Available for: Windows & Linux |
3.1.12 Monitor and control remote access sessions | (NIST) VPN Connection This lists all VPN connection events for remote users within your environment. This validates connections were authorized. Available for: Fortigate, GlobalProtect, Cisco ASA, SonicWall, Sophos, & WatchGuard |
NIST 3.3 Audit & Accountability 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. |
(NIST) Audit Logs & Records This report shows your "earliest" log by type to help you prove data retention and show length of time period. |
NIST 3.4 Configuration Management 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. |
(NIST) Configuration Changes Blumira's report lists all configuration changes made to systems and devices over the last 90 days, such as firewall changes. This verifies proper change management. Available for: Cisco ASA, Fortigate, & Palo Alto |
NIST 3.14 System & Information Integrity 3.14.2 Provide protection from malicious code at designated locations within organizational systems. |
(NIST) Malware Detection This report lists out instances where anti-malware tools detected malware over a certain time period. Available for: Microsoft 365, Carbon Black, CrowdStrike, Cylance, Defender |
Blumira customers on paid editions can use global and saved reports to easily access the NIST compliance reports, as well as many other reports to analyze the logged events that you send Blumira. This is useful for conducting activities like:
To view a NIST global report or one of your saved reports, follow these easy steps:
Navigate to Reporting > Report Builder. Adjust time range as needed.
Click to open the additional options menu (the three dot menu seen on the right side).
Click Load Saved Report. Type “NIST” into the search box at the top of the Saved Reports screen.
In the Saved Reports window, click the report that you want to use.
Note: You can type a name or keyword to filter the list or scroll to find a specific report. When you search “NIST,” the compliance reports you can view will vary based on which integrations you currently have set up for your organization.
Get more tips on how to use Blumira’s Report Builder in our documentation article, Using global and saved reports.
Here’s a full list of the compliance reports available:
Note: These screenshots show a universal environment with all possible integrations set up; customers will only see the reports relevant to their actual integrations
To ensure you’re ready for your NIST compliance audit, we recommend using our Scheduled Reports feature to run them every month and send them to your email account. If you set up a folder that contains all of these regularly-run reports, you’ll be ready to hand them over to a third-party auditor at any time.
Provide your auditor with time/date-stamped documents that clearly show that you’re complying with the framework to ensure your audit goes smoothly.
Blumira can help support organizations with NIST 800-171 controls 3.3.1-3.3.9 on Audit and Accountability. Learn more about NIST 800-171 & Blumira.
Additional Resources: