Compliance may seem complicated, but here at LogRhythm, we're doing our best to simplify the hassle. As new compliance and security-related legislation, regulations, and standards are introduced every year, you might not know which regulations apply to your organization or the full scope to which you must comply. Even if you’re not required to attest to any formal frameworks, you may want to be proactive and adopt a best practice framework to get in front of potential risk. Federal agencies and companies associated with these federal agencies have fairly clear, straightforward regulations to adhere to, but many other organizations are left to wonder what they will be held accountable for.
In most cases, regulations aim to enforce the same or very similar controls, as they’re all loosely based on industry best practices, various frameworks, and standards developed by well-known organizations like the International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST). While there are exceptions and outliers, you should be able to meet most, if not all, of your regulatory compliance requirements or best practice objectives by implementing one consolidated module.
LogRhythm’s Consolidated Compliance Framework (CCF) is an all-encompassing compliance module that helps reduce the time you spend satisfying compliance regulations. Even if you’re unsure of your organization’s compliance scope, but know you have to adhere to some regulation(s), you can use the CCF to gain an overarching compliance approach that maps to a variety of frameworks. The core of the CCF is primarily influenced by the GDPR, ISO 27001, and the NIST 800 series special publications.
LogRhythm’s NIST offering recently underwent an overhaul. The new offering includes prebuilt content mapping to three different NIST standards: SP 800-171 rev. 1, SP 800-53 rev. 5, and Cybersecurity Framework (CSF) V1.1. These, along with GDPR and ISO 27001, are the core standards around which we have built our CCF functionality.
What is NIST?
NIST established a compliance framework aimed at operators of critical infrastructure, but it publishes and influences a vast number of other frameworks and mandates, including those that are more specific to a certain industry or region. A number of varying compliance regulations derive their language from NIST. In fact, NIST guidelines and supplemental materials are so comprehensive that they can be used to build an entire compliance program. So much so that we believed it was the perfect base on which to build our CCF methodology.
NIST is a domestic influencer, meaning — from a control standpoint — it really influences compliance within the public sector of the United States and is growing substantially as a best practice guide for private sector organizations. NIST is the centerpiece for LogRhythm’s CCF with NIST 800-171, NIST 800-53, and NIST-CSF serving as the main components of the CCF.
The (NIST) Cybersecurity Framework (CSF) established a set of voluntary information security standards and guidelines aimed at operators of critical infrastructure as defined within Executive Order 13636 from the President of the United States.
NIST-CSF guides critical infrastructure organizations in documenting and implementing controls for information technology systems that support their operations and assets, including access control, audit and accountability, incident response, and system and information integrity.
NIST Special Publication (SP) 800-53 establishes information security standards and guidelines for federal information systems. NIST 800-53 guides federal agencies in documenting and implementing controls that cover access control, audit and accountability, incident response, and system and information integrity.
To comply with NIST 800-53, you have to implement and perform procedures to effectively capture, monitor, review, and retain log data.
NIST Special Publication (SP) 800-171 provides federal agencies with a set of recommended security requirements for protecting the confidentiality of controlled unclassified information (CUI) in non-federal systems and organizations. The security requirements apply to all components of non-federal systems and organizations that process, store, or transmit CUI, or that provide security protection for such components.
Although NIST 800-171 is widely considered a best practice for security, it can require significant investment. For example, government entities get audited once a year or once every three years. Third-party vendors, who are not directly affiliated with the government, must comply with NIST standards to some extent or their contracts can be pulled, resulting in a loss of business.
The LogRhythm Consolidated Compliance Framework
The LogRhythm CCF consists of prebuilt content directly mapped to controls associated with NIST requirements, such as AI Engine scenario-based analytic rules, dashboards, lists, investigations, and reports.
The CCF was designed with every audience involved in a given audit in mind, along with the data pertinent to each role. What are the key drivers in an audit? The CCF was built to anticipate the needs of each audience involved in an audit, such as the executive team, internal or external audit teams, operations, and compliance managers. These stakeholders may use the data from the SIEM in different or similar ways, all as a means of ensuring their organization is compliant.
While the CCF’s functionality and content are primarily influenced by ISO, NIST, and the GDPR, the module will be mapped to dozens of regulations — effectively streamlining the compliance process by centralizing controls into a single module.
Figure 1: The LogRhythm CCF Vision
LogRhythm recently updated the existing NIST-CSF and NIST 800-53 modules within the CCF and introduced a module that is mapped to NIST 800-171 — a newly developed NIST framework.
Our newest NIST module is built around these three primary frameworks and includes about 512 controls. LogRhythm does not augment all of these controls (we do augment approximately 259 of them), but rather finds the commonalities among controls and creates overarching content that maps to those commonalities, giving analysts, auditors, and executive teams a simpler view of any organization’s environment.
At some point, each NIST framework specifically touches on the ability to audit and the need to have a SIEM in place to successfully do so. This is the baseline of most compliance frameworks. However, LogRhythm’s CCF takes compliance a step further and offers a simplified solution. LogRhythm is the only SIEM vendor to offer a cohesive, consolidated framework through the NextGen SIEM Platform. Implementing a single compliance framework keeps you from duplicating content across various stand-alone modules and, ultimately, allows you to meet your compliance needs faster and better with personalized resources for every framework.
The LogRhythm CCF offers AI Engine rules, alerts, investigations, and reports around all of its prebuilt content and everything compliance-related for which you can leverage SIEM functionality. As LogRhythm’s technology stack grows and expands, we can continually enhance our CCF methodology to provide the highest-quality product to our customers. In Q1 2019, you can also look forward to new SIEM functionality and the CCF’s inclusion of revamped ISO 27001 controls, the Criminal Justice Information Systems (CJIS) Security Policy, and the NY DFS cybersecurity regulation.
Establish an Efficient Compliance Program
If your organization has defined the scope for a given compliance requirement(s) with which you must comply, or if you voluntarily elect to comply, LogRhythm offers individual compliance modules that can easily be implemented. You can implement the framework-specific modules leveraging overarching CCF objects and have confidence that your security and operations programs are operating within the limits of the law — even if you don’t fully understand your compliance requirements.
If you’re not using the CCF, you’re most likely developing individual content for every compliance framework you must meet. When utilizing LogRhythm’s CCF, you only have to define certain lists and entity structures to get the same content and context across the board — saving you time and resources.
LogRhythm’s CCF-based modules are available in our Knowledge Base and currently include prebuilt content mapped to the controls associated with UAE-NESA, GDPR, state-level data protection laws, NIST-CSF, NIST 800-53, and NIST 800-171.
Additional regulations and controls will constantly be added to the Knowledge Base, and early adoption with a streamlined approach will put your compliance program ahead of the curve.