GFI EventsManager and FISMA Compliance

Overview

GFI EventsManager helps organizations comply with FISMA (Federal Information Security Management Act) by supporting the NIST (National Institute of Standards and Technology) 800-53 security standard. There are no FISMA-specific reports because the reports themselves depend heavily on how you implement NIST 800-53 and on the technologies you use (firewall, routers, operating systems, remote access control, email, remote services, mobile, etc.). Some of the existing reports can be used, and the product can read logs from various technologies and report on that information, either through custom reports or through GFI EventsBrowser and its Report from View functionality.

This article provides information on NIST controls and how they apply in GFI EventsManager.

Information

Assuming the Microsoft Windows operating system is used, please find some hints below:

NIST 800-53 Control

| Code | Description |
| --- | --- |
| AC1 | Access Control. Please use GFI EventsManager reports in the Account Usage and Object Access categories. |
| AC2 | Account Management. Please use GFI EventsManager reports in the Account Management category. |
| AC3 | Access Enforcement. Please use reports in GFI EventsManager in Policy Changes and Windows Event Log System categories. |
| AC4 | You need to monitor File Servers, Firewall, and Email Logs. Use GFI EventsManager log browser to narrow down the data and then click Report from View. |
| AC5, AC6 | Outside the scope of GFI EventsManager. |
| AC7 | Use the Failed Logons Report in the Account Usage category. |
| AC8 | Same as AC1 + All critical messages category + Events trend category. |
| AC9 | Outside the scope of GFI EventsManager. |
| AC10 | Outside the scope of GFI EventsManager. You can monitor RDP/TS server logs and use Report from View as for AC4. |
| AC11, AC12 | Same as AC10. |
| AC13, AC14, AC15, AC16 | Outside the scope of GFI EventsManager. |
| AC17 | Same as AC10. You can monitor logs of any type of remote access technology to enforce this control. |
| AC18 | Monitor the logs of wireless access points and endpoints like laptops. Use Report from View. |
| AC19 | Monitor the logs of Email Servers, DHCP Servers, Firewall, VPN, and endpoints to identify the activity of mobile devices. Use Report from View in EventsBrowser of GFI EventsManager. |

Note: The rest of the AC controls are outside the scope of GFI EventsManager.

GFI EventsManager delivers the above in compliance with all AU (Audit and Accountability) controls, and it is an important part of CA2 and CA7 (Security Assessment and Authorization) procedures.

It also helps with CM1, CM2, and CM3. For CM (Configuration Management), GFI LanGuard delivers inventory and change audit functionality and also helps with risk assessment and mitigation through vulnerability scanning and patch management.

Priyanka Bhotika, posted 5 days ago