Federal Information Security Management Act (FISMA)


NitroSecurity is able to assist with federal information security compliance needs, providing both intrusion protection systems and a comprehensive enterprise security management system that delivers real-time security diagnostics, mitigation, and remediation; forensic security information analysis; and contextual reports to support audit requirements. NitroSecurity’s core technology is able to query and correlate large amounts of data in seconds, enabling a unique and valuable approach to information security.

NitroSecurity excels at FISMA controls that specifically relate to network and data security: IA (User Identification and Authentication); AC (Access Control); AU (Audit and Accountability); PS (Personnel Termination); SC (System and Communications Protection); IR (Incident Response); and SI (System and Information Integrity).

NitroView provides pre-defined, scheduled reports for FISMA, including NIST 800-53 Sections PS-4, IA-2, and AC-7, as well as several general NIST requirements.

Requirement / NitroSecurity Advantage

AC-3 Access Enforcement

NitroSecurity’s NitroGuard DBM, NitroGuard IPS, and NitroView ESM provide identity-based, role-based and rule-based policies and access enforcement mechanisms and application level monitoring to control access between users and organizations using user permissions, groups, virtual IPS instances and custom views.

AC-4 Information Flow Enforcement

NitroView ESM correlates log and event data with network activity, tracking information flow and providing notification and enforcement mechanisms. NitroGuard IPS performs native collection of network flows in addition to intrusion prevention functions, and can proactively block a flow if a policy violation occurs.

AC-17 Remote Access

NitroView ESM allows the organization to document, monitor, and control all methods of remote access (e.g., dial-up, Internet) to the information system. Each remote access method can be classified and authorized only for the users who require that method.

AC-18 Wireless Access Restrictions

NitroView ESM allows the organization to establish usage restrictions and tracking for wireless technologies, and it documents, monitors, and controls wireless access to the information system.

AU-2 Auditable Events

NitroView LogCaster provides universal log collection, archiving, encryption, and validation for audit purposes and proof of compliance.

NitroView ESM provides further analysis of collected log data and log-generated events from LogCaster, including real-time forensic and correlation capabilities.

The checklists and configuration guides at http://csrc.nist.gov/pcig/cig.html provide recommended lists of auditable events.

AU-3 Content of Audit Records

NitroView LogCaster is capable of filtering on the contents of log text and producing actionable events, either for audit or analysis purposes.

NitroView ESM is capable of correlating log data with user identity and network activity to provide additional, detailed reports for audit events identified by type, location, or subject. It also provides the capability to centrally manage the content of audit records generated by individual components throughout the system.

AU-4 Audit Storage Capacity

NitroView provides sufficient audit record storage capacity and configures auditing to prevent that capacity from being exceeded. Data may be stored locally on NitroSecurity appliances, or remotely using NAS or SAN technology. Records are not pruned or summarized for compression purposes, maintaining data granularity and information integrity even over long periods of time.

CA-7 Continuous Monitoring

NitroGuard DBM monitors database and application activity, while NitroGuard IPS monitors the network for intrusion attempts and suspicious behavior. NitroView ESM provides an additional layer of monitoring through the unified correlation and analysis of DBM, IPS, Firewall, log, and network data.

This allows the organization to monitor the security controls in the information system on an ongoing basis, including continuous monitoring activities such as security impact analyses of changes to the system, ongoing assessment of security controls, and status reporting. NIST Special Publication 800-53A provides guidance on the assessment of security controls.

IR-4 Incident Handling

NitroSecurity’s solution offers direct monitoring and correlated detection of a variety of incidents, allowing the organization to implement an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.

IR-5 Incident Monitoring

NitroView tracks all activity collected from logs, network flows, and monitoring devices such as NitroGuard DBM and NitroGuard IPS. This enables the organization to automatically track and document information system security incidents on an ongoing basis and to produce the information needed to analyze each incident.

IR-6 Incident Reporting

Both NitroView LogCaster and NitroView ESM allow the organization to promptly report incident information to appropriate authorities. The types of incident information reported, the content and timeliness of the reports, and the list of designated reporting authorities or organizations are consistent with applicable federal laws, directives, policies, regulations, standards, and guidance.

SC-5 Denial of Service Protection

NitroGuard IPS protects against the effects of denial of service attacks, including distributed, service-level, application, and exploit-based attacks, by correlating network traffic and filtering rogue traffic without the need for increased capacity and bandwidth.

SI-3 Malicious Code Protection

NitroGuard IPS implements malicious code protection that includes a capability for automatic updates. It employs virus protection mechanisms at critical information system entry and exit points on the network.

SI-4 Intrusion Detection Tools and Techniques

NitroGuard DBM detects suspicious activity within the database itself, while NitroGuard IPS detects attacks at the network perimeter (and/or at strategic junctions within the network), monitoring outbound communications for unusual or unauthorized activities indicating the presence of malware (e.g., malicious code, spyware, adware). Individually or together, these systems identify unauthorized use of systems and employ automated tools to support real-time analysis of events in support of detecting and preventing system-level attacks.

NitroGuard IPS is able to directly block attacks by dropping or resetting sessions, which supports rapid response. For more complex attacks, such as correlated incidents involving multiple vectors, NitroView ESM is able to detect and mitigate these sophisticated threats, including the further ability to remediate if necessary.

SI-5 Security Alerts and Advisories

NitroView collects events from all security devices, including third-party devices, provides notification of security alerts and advisories to appropriate personnel on a regular basis, and takes appropriate actions in response.

SI-6 Security Functionality Verification

NitroGuard DBM is able to verify the correct operation of security functions, with appropriate notification and remediation capabilities. NitroView LogCaster is also able to perform a risk assessment to ensure that logs are being collected appropriately.

SI-8 Spam and Spyware Protection

NitroGuard IPS provides protection against spam and spyware at critical information system entry points. In addition, NitroView ESM provides the correlation and analysis of IPS and other data (e.g., firewalls, electronic mail servers, remote-access servers) to determine root cause and “patient zero.”

SI-12 Information Output Handling and Retention

NitroSecurity allows output retention in accordance with most organizational policies and operational requirements. This includes NitroView LogCaster’s archival, encryption, and validation capabilities, which ensure that raw log files have not been altered or tampered with.