Addressing NIST SP 800-39 and the Risk Management Framework with CORE INSIGHT Enterprise
NIST SP 800-39, Managing Information Security Risk, and its companion NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, establish a Risk Management Framework (RMF) that promotes near-real-time risk management through a robust continuous monitoring process. The RMF encourages the use of automation and automated support tools, such as those offered by CORE INSIGHT, to collect the information senior leadership needs to make credible, risk-based decisions about their core missions and business functions.
According to NIST SP 800-39, commercially available automated tools “support situational awareness, or [maintain] awareness of the security state of information systems on an ongoing basis through enhanced monitoring processes.” NIST also notes, however, that these tools, and the processes that generate risk data from them, are not being deployed in a timely fashion. As a result, system security assessments and authorizations are usually based on infrequently conducted vulnerability scans that test security controls at a single point in time, leaving security professionals unable to measure the real risk to systems between security control test cycles.
How CORE INSIGHT Helps
By automatically exploiting and chaining web application, network and client-side weaknesses throughout your environment, INSIGHT reveals risks to your critical assets on a continuous basis. Unlike other security solutions, it does not merely scan for potential vulnerabilities, monitor for incidents, or model threats; it proactively uses the same offensive techniques that criminals employ to find and exploit the weaknesses that actually expose critical assets to data breaches.
INSIGHT enables you to:
- Continuously reassess the security of assets as new attack techniques surface, as new vulnerabilities are discovered, and as infrastructure changes.
- Test the internal and external relationships between inter-connected IT systems.
- Determine remediation priorities to ensure that security improvements are aimed at addressing the most critical, true risks.
White Paper: Putting NIST Guidelines for Information Security Continuous Monitoring into Practice
This white paper discusses how security testing and measurement solutions from Core Security Technologies can help your agency adhere to NIST’s recommendations for Information Security Continuous Monitoring.
Learn how Core Security addresses other NIST guidelines: