What is the DFARS/NIST program?
The National Institute of Standards and Technology (NIST) is part of the U.S. Department of Commerce. As one of the nation’s oldest physical science laboratories, NIST provides technology, measurement, and standards to the U.S. government and its agencies. The NIST Cybersecurity Framework provides a voluntary set of guidelines for managing and reducing cybersecurity risk. Organizations across many industries and countries are now using the Framework as a basis for risk management discussions and decision-making. Fortra’s Data Classification Suite (DCS) solutions help organizations align with the Identify, Detect, and Respond functions of the Framework, as described below.
How Fortra Data Classification Solutions Work
Identify: Asset management
Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
ID.AM-3: Organizational communication and data flows are mapped. DCS solutions monitor user handling of email and documents, producing log files that can be used to track data flows and communication. DCS solutions can also provide a data inventory of files stored on-premises and in the cloud.
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value. With support for automated, system-suggested, and user-driven classification, DCS solutions enable organizations to identify the sensitivity and business value of unstructured data.
Protect: Data security
Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-1: Data-at-rest is protected. DCS solutions identify the sensitivity and value of unstructured data-at-rest and apply information protection policies to that data, such as encryption.
PR.DS-2: Data-in-transit is protected. DCS solutions for Outlook and mobile devices provide protection for email data-in-transit. DCS also has various solutions to protect files and documents as they are moved to new locations, including the cloud.
PR.DS-5: Protections against data leaks are implemented. DCS provides multiple levels of protection, from interactive policy warnings and security education to encryption and policy enforcement.
Detect: Anomalies and events
Anomalies and Events (DE.AE): Anomalous activity is detected in a timely manner and the potential impact of events is understood.
DE.AE-3: Event data are aggregated and correlated from multiple sources and sensors. As users work with email, documents, and files, DCS logs user activity and sends the information to a central server, such as a syslog server, McAfee ePO, or a DCS-defined reporting database.
DE.AE-5: Incident alert thresholds are established. DCS log events are categorized at different severity levels. In addition, each event has a unique ID that can be leveraged for more fine-grained alert threshold management.
Respond: Analysis
Analysis (RS.AN): Analysis is conducted to ensure adequate response and support recovery activities.
RS.AN-3: Forensics are performed. As users work with email, documents, and files, DCS logs meaningful activities for detailed reporting, analytics, and threat detection.
RS.AN-4: Incidents are categorized consistent with response plans. DCS events are categorized at different severity levels, and events can be correlated to specific response plans through reporting and analytics.