NeQter CMMC Compliance Guide

Version 2.1
November 2022


Table of Contents

Introduction
Access Control (AC)
       AC.L1-3.1.1
       AC.L1-3.1.2
       AC.L2-3.1.5
       AC.L2-3.1.6
       AC.L2-3.1.7
       AC.L2-3.1.8
       AC.L2-3.1.12
       AC.L2-3.1.18
       AC.L1-3.1.20
       AC.L2-3.1.21
Auditing & Accountability (AU)
       AU.L2-3.3.1
       AU.L2-3.3.2
       AU.L2-3.3.3
       AU.L2-3.3.4
       AU.L2-3.3.5
       AU.L2-3.3.6
       AU.L2-3.3.7
       AU.L2-3.3.8
       AU.L2-3.3.9
Configuration Management (CM)
       CM.L2-3.4.1
       CM.L2-3.4.3
       CM.L2-3.4.7
       CM.L2-3.4.9
Identification & Authentication (IA)
       IA.L1-3.5.1
Incident Response (IR)
       IR.L2-3.6.1
       IR.L2-3.6.2
Media Protection (MP)
       MP.L2-3.8.8
Risk Management (RM)
       RM.L2-3.11.2
       RM.L2-3.11.3
Security Assessment (CA)
       CA.L2-3.12.2
       CA.L2-3.12.4
System & Communications Protection (SC)
       SC.L1-3.13.1
       SC.L2-3.13.7
       SC.L2-3.13.14
System & Information Integrity (SI)
       SI.L1-3.14.1
       SI.L2-3.14.3
       SI.L2-3.14.6
       SI.L2-3.14.7

Introduction

This compliance guide identifies the CMMC practices that NeQter can assist in meeting, or that are defined as a policy. A practice is highlighted green when NeQter can assist in providing a CMMC score of MET according to the definition of the practice or process outlined in the CMMC Assessment Guide. A practice is highlighted orange where NeQter may help or assist towards a CMMC score of MET outlined in the CMMC Assessment Guide. CMMC processes and policies that NeQter cannot help with are highlighted red.

Access Control (AC)

AC.L1-3.1.1

Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives a and b and meets c. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.   Authorized users are identified.

To partially assist with this assessment objective, NeQter visualizes the group of organizationally defined authorized users in the Windows, G-Suite, and Office 365 dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze the activity of authorized users directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for user data in NeQter’s Discovery Tab. Industry standard recommends a quarterly review of the privileges given to authorized users to conform to the principle of least privilege.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

b.   Processes acting on behalf of authorized users are identified.

NeQter can partially assist with this assessment objective by visualizing processes of the group of organizationally defined authorized users in the Windows, G-Suite, and Office 365 dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze the activity of processes directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for process data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about process activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Devices (and other systems) authorized to connect to the system are identified.

To partially assist with this assessment objective, NeQter identifies devices (and other systems) authorized to connect by the [Control Operator] with NeQter’s Hosts Inventory Tool. NeQter can also visualize connected devices in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze connected device activity directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about connected devices with NeQter’s Reports Tab.

NeQter’s Hosts Inventory Tab

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

d.   System access is limited to authorized users.

NeQter Labs does not define this policy or process.

e.   System access is limited to processes acting on behalf of authorized users.

NeQter Labs does not define this policy or process.

f.   System access is limited to authorized devices (including other systems).

NeQter Labs does not define this policy or process.

AC.L1-3.1.2

Limit system access to the types of transactions and functions that authorized users are permitted to execute.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.    The types of transactions and functions that authorized users are permitted to execute are defined.

NeQter Labs does not define this policy or process.

b.   System access is limited to the defined types of transactions and functions for authorized users.

To assist in satisfying the requirement of this assessment objective, NeQter visualizes user transactions and functions in the Windows, G-Suite, and Office 365 dashboards available in NeQter’s Dashboard Tab. In the dashboards, the [Control Operator] can review account activity on a regular basis, monitor the creation and deletion of accounts, identify accounts that have been inactive for more than 35 days, monitor lockout events, and review role-based account activity. The [Control Operator] can filter and analyze user activity directly in the dashboard or pin it so that it can be looked at in detail or exported for documentation purposes in NeQter’s Discovery Tab. The [Control Operator] can save custom search filters to monitor and send alerts about specific user activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

AC.L2-3.1.5

Employ the principle of least privilege, including for specific security functions and privileged accounts.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective a. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.   Privileged accounts are identified.

NeQter can partially assist with this assessment objective by visualizing account activity in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze account activity directly in the dashboard or pin it so that it can be looked at in raw log form in NeQter’s Discovery Tab. The [Control Operator] can save the search filters to monitor and send alerts for events being detected and audited with NeQter’s Reports Tab. Root access to NeQter’s Linux-based operating system is restricted by design from the consumer.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.   Access to privileged accounts is authorized in accordance with the principle of least privilege.

NeQter Labs does not define this policy or process.

c.   Security functions are identified.

NeQter Labs does not define this policy or process.

d.   Access to security functions is authorized in accordance with the principle of least privilege.

NeQter Labs does not define this policy or process.

AC.L2-3.1.6

Use non-privileged accounts or roles when accessing non-security functions.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective a. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.    Non-security functions are identified.

To partially assist with this assessment objective, NeQter visualizes function activity in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze function activity directly in the dashboard or pin it so that it can be looked at in raw log form in NeQter’s Discovery Tab. The [Control Operator] can save the search filters to monitor and send alerts for audited functions with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Users are required to use non-privileged accounts or roles when accessing non-security functions.

NeQter Labs does not define this policy or process.

AC.L2-3.1.7

Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective c and meets objective d. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    Privileged functions are defined.

NeQter Labs does not define this policy or process.

b.    Non-privileged users are defined.

NeQter Labs does not define this policy or process.

c.    Non-privileged users are prevented from executing privileged functions.

NeQter can partially assist with this assessment objective by visualizing the execution of privileged functions in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze user activity directly in the dashboard or pin it so that it can be looked at in raw log form and filtered for the full text of executed commands in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about user activity with NeQter’s Reports Tab. Industry standard recommends a quarterly review of the privileges given to users to conform to the principle of least privilege.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

d.    The execution of privileged functions is captured in audit logs.

NeQter can fully assist with this assessment objective by capturing the logs of user activity so that the [Control Operator] can audit for the execution of privileged functions and link system access to individual users. NeQter visualizes the execution of privileged functions in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can then review and analyze user activity directly in the dashboard or pin it so that it can be looked at in raw log form in NeQter’s Discovery Tab, in order to verify the location of execution as well as the full text of the executed commands. While still in the Discovery Tab, the [Control Operator] can export the privileged function data to a CSV or JSON file, which serves as the audit logs required to meet this objective. Industry standard recommends a quarterly audit to review the privileges given to users and ensure they conform to the principle of least privilege.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

AC.L2-3.1.8

Limit unsuccessful logon attempts.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.   The means of limiting unsuccessful logon attempts is defined.

NeQter Labs does not define this policy or process.

b.    The defined means of limiting unsuccessful logon attempts is implemented.

To partially assist with this assessment objective, NeQter visualizes login data in the Windows dashboard available in NeQter’s Dashboard Tab. NeQter can also help the [Control Operator] in meeting this objective by monitoring consecutive unsuccessful logon attempts and account lockouts using the following templates: Login failure by Administrator, Administrator Log in, Login failure by user, and Login failure by Workstation name. These alerts can be implemented and customized by the [Control Operator] in NeQter’s Reports Tab. Industry standard recommends locking accounts after 6 consecutive invalid login attempts.

NeQter’s Dashboard Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial
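As an added example (not NeQter's code or part of the original guide), the check below reads exported logon events and reports, per account, whether a lockout followed the run of consecutive failures that objective b expects to be limited. It assumes the standard Windows Security event IDs 4625, 4624, 4740 and 4767 and a threshold of 6 from the paragraph above; the record field names and the sample events are constructed for illustration and are not NeQter's export schema.

```python
"""Audit exported logon events against an account lockout threshold."""
from collections import defaultdict
from datetime import datetime

# Windows Security event IDs: failed logon, successful logon,
# account locked out, account unlocked.
FAILED, SUCCESS, LOCKED, UNLOCKED = 4625, 4624, 4740, 4767
LOCKOUT_THRESHOLD = 6  # figure quoted in the guide


def _ev(time, event_id, user, workstation):
    # Hypothetical record layout; map your own export columns onto it.
    return {"time": time, "event_id": event_id,
            "user": user, "workstation": workstation}


# Constructed sample data, not real logs.
SAMPLE_EVENTS = (
    # alice: six failures, then the account is locked.
    [_ev(f"2022-11-01T09:00:0{i}", FAILED, "alice", "WS-01") for i in range(6)]
    + [_ev("2022-11-01T09:00:06", LOCKED, "alice", "DC-01")]
    # Attempts against the already locked account are not a new streak.
    + [_ev(f"2022-11-01T09:01:0{i}", FAILED, "alice", "WS-01") for i in range(8)]
    # bob: eight failures and no lockout event at all.
    + [_ev(f"2022-11-01T10:00:0{i}", FAILED, "BOB", "WS-07") for i in range(8)]
    # carol: a success in the middle breaks the run of failures.
    + [_ev(f"2022-11-01T11:00:0{i}", FAILED, "carol", "WS-02") for i in range(3)]
    + [_ev("2022-11-01T11:00:09", SUCCESS, "carol", "WS-02")]
    + [_ev(f"2022-11-01T11:05:0{i}", FAILED, "carol", "WS-02") for i in range(4)]
)


def audit_lockout_policy(events, threshold=LOCKOUT_THRESHOLD):
    """Return findings in time order.

    ENFORCED      lockout seen at or below the threshold
    LOCKED_LATE   lockout seen, but only after the threshold was passed
    NOT_ENFORCED  threshold passed and no lockout followed
    """
    streak = defaultdict(int)   # consecutive failures per account
    locked = set()              # accounts currently locked out
    open_gap = {}               # account -> finding still awaiting a lockout
    findings = []

    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    for ev in ordered:
        user = ev["user"].lower()   # account names are case-insensitive
        eid = ev["event_id"]

        if eid == FAILED:
            if user in locked:
                continue            # rejected because of the lockout itself
            streak[user] += 1
            if streak[user] > threshold:
                gap = open_gap.get(user)
                if gap is None:
                    gap = {"user": user, "result": "NOT_ENFORCED",
                           "time": ev["time"],
                           "workstation": ev["workstation"], "failures": 0}
                    open_gap[user] = gap
                    findings.append(gap)
                gap["failures"] = streak[user]

        elif eid == LOCKED:
            gap = open_gap.pop(user, None)
            if gap is not None:
                gap["result"] = "LOCKED_LATE"
            else:
                findings.append({"user": user, "result": "ENFORCED",
                                 "time": ev["time"],
                                 "workstation": ev["workstation"],
                                 "failures": streak[user]})
            locked.add(user)
            streak[user] = 0

        elif eid in (SUCCESS, UNLOCKED):
            # A good logon or an admin unlock ends the streak.
            locked.discard(user)
            open_gap.pop(user, None)
            streak[user] = 0

    return findings


if __name__ == "__main__":
    for f in audit_lockout_policy(SAMPLE_EVENTS):
        print(f'{f["result"]:<13} {f["user"]:<6} '
              f'{f["failures"]} consecutive failures, first seen {f["time"]}')
```

A NOT_ENFORCED finding points at a system where the defined lockout setting is missing or where lockout events are not reaching the log collector; both are worth resolving before an assessment.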

AC.L2-3.1.12

Monitor and control remote access sessions.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b and meets objective d. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.   Remote access sessions are permitted.

NeQter Labs does not define this policy or process.

b.    The types of permitted remote access are identified.

To assist in satisfying the requirement of this assessment objective, NeQter visualizes remote access in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze remote access activity directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for remote access data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about remote access activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.   Remote access sessions are controlled.

NeQter Labs does not define this policy or process.

d.    Remote access sessions are monitored.

This assessment objective is assisted in full when using NeQter, as it allows the [Control Operator] to monitor remote access sessions. NeQter captures and visualizes VPN activity and other actions performed while connected remotely via organizational endpoints in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze remote access sessions directly in the dashboard or pin them so that they can be looked at in raw log form or further parsed for particulars in NeQter’s Discovery Tab. NeQter can also help the [Control Operator] monitor remote access sessions by use of the Login failure IP Address alert template. This template and other customer alerts can be implemented by the [Control Operator] in NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

AC.L2-3.1.18

Control connection of mobile devices.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective c. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.   Mobile devices that process, store, or transmit CUI are identified.

NeQter Labs does not define this policy or process.

b.   Mobile device connections are authorized.

NeQter Labs does not define this policy or process.

c.    Mobile device connections are monitored and logged.

To partially assist with this assessment objective, NeQter visualizes mobile device connections in the G-Suite, Office 365, and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze mobile device activity directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for mobile device activity in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about mobile device activity with NeQter’s Reports Tab. NeQter recommends that the [Control Operator] source a stand-alone mobile device management system, which would provide better support for this objective, especially if the organization connects mobile devices on a regular basis.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

AC.L1-3.1.20

Verify and control/limit connections to and use of external information systems.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives a and b. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    Connections to external systems are identified.

NeQter assists in satisfying the requirement of this assessment objective by visualizing external systems in the Windows, Office 365, G-Suite, and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze connections to external systems directly in the dashboard or pin them so that they can be looked at in raw log form or further parsed for external system data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about external system activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    The use of external systems is identified.

To assist in satisfying the requirement of this assessment objective, NeQter visualizes external system use in the Windows, Office 365, G-Suite, and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze external system usage directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for usage data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about external system use with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.   Connections to external systems are verified.

NeQter Labs does not define this policy or process.

d.    The use of external systems is verified.

NeQter Labs does not define this policy or process.

e.    Connections to external systems are controlled/limited.

NeQter Labs does not define this policy or process.

f.    The use of external systems is controlled/limited.

NeQter Labs does not define this policy or process.

AC.L2-3.1.21

Limit use of portable storage devices on external systems.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective a. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    The use of portable storage devices containing CUI on external systems is identified and documented.

NeQter partially assists in satisfying the requirement of this assessment objective by allowing the [Control Operator] to identify and document the activity and use of portable storage devices through logs generated by the system components. NeQter can visualize portable storage device data in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze events generated when portable storage devices are connected or denied directly in the dashboard or pin them so that they can be looked at in raw log form in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about portable storage devices with NeQter’s Reports Tab.

NeQter’s Hosts Inventory Tab

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.   Limits on the use of portable storage devices containing CUI on external systems are defined.

NeQter Labs does not define this policy or process.

c.   The use of portable storage devices containing CUI on external systems is limited as defined.

NeQter Labs does not define this policy or process.

Auditing & Accountability (AU)

AU.L2-3.3.1

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

This process is a partial meet using NeQter. NeQter helps to meet objectives a and b. NeQter can meet objectives c, d, e, and f.

a.    Audit logs needed (i.e., events types to be logged) to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity are specified.

To partially assist with this assessment objective, NeQter visualizes the system’s defined audit logs in the dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze audit logs directly in the dashboards or pin them so that they can be looked at in raw log form or further parsed for audit trail data in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    The content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity is defined.

NeQter can partially assist with this assessment objective by visualizing the content of audit logs in the dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze organizationally defined audit log content directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for the defined content in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Audit records are created (generated).

NeQter can fully assist with this assessment objective by visualizing the audit logs in the dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze audit logs directly in the dashboards or pin them so that they can be looked at in raw log form or further parsed for audit trail data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts with NeQter’s Reports Tab. The results and supporting raw log entries can be exported to CSV or JSON data files, which fully meet the audit record requirement to satisfy this objective.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

d.    Audit records, once created, contain the defined content.

This assessment objective is assisted in full when using NeQter to visualize the audit logs from native logging systems in the dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze organizationally defined audit log content directly in the dashboard or pin it so that it can be looked at in raw log form or further parsed for the defined content in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts with NeQter’s Reports Tab. The filtered results and supporting raw log entries can be exported to a CSV or JSON data file, which meets the audit record requirement to satisfy this objective.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

e.    Retention requirements for audit records are defined.

To assist in satisfying the requirements of this assessment objective, NeQter allows the [Control Operator] to centrally collect and retain the audit records from raw logs as defined by the [Control Operator]. NeQter centrally stores all raw log data by default for at least 90 days and provides longer-term archival capabilities in NeQter’s Backup Settings. Industry standard recommends archiving all audit logs for 365 days.

NeQter’s Backup Settings

f.    Audit records are retained as defined.

NeQter can assist with this assessment objective in full by centrally storing all raw log data by default for at least 90 days and providing longer-term archival capabilities in NeQter’s Backup Settings. Search templates that create the audit records can also be retained by exporting this data to a CSV or JSON data file defined by the [Control Operator] in NeQter’s Discovery Tab. Industry standard recommends archiving all audit logs for 365 days.

NeQter’s Discovery Tab

NeQter’s Backup Settings

NeQter’s Discover and Events Tab Video Tutorial

AU.L2-3.3.2

Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.   The content of the audit records needed to support the ability to uniquely trace users to their actions is defined.

NeQter Labs does not define this policy or process.

b.    Audit records, once created, contain the defined content.

This assessment objective is addressed using NeQter, which partially assists the [Control Operator] in searching and filtering raw logs for the defined content, for example Source User ID, Target User ID, Event Type, and Date and Time. User information is pulled from Windows Active Directory logs and can be visualized in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze audit logs directly in the dashboard or pin them so that they can be looked at in raw log form or further parsed for the defined content in NeQter’s Discovery Tab. From the Discovery Tab, the results and supporting raw log entries can be exported to a CSV or JSON data file, which meets the requirements to satisfy this objective.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

AU.L2-3.3.3

Review and update logged events.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives b and c. The other objective is a policy and process which is the responsibility of the [Control Operator].

a.   A process for determining when to review logged events is defined.

NeQter Labs does not define this policy or process.

b.    Event types being logged are reviewed in accordance with the defined review process.

This assessment objective is addressed using NeQter to update and ensure all event types in raw logs are being properly indexed within a centralized filesystem. Logged events are visualized in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze security-related event logs directly in the dashboard or pin them so that they can be looked at in raw log form or further parsed for the defined audit trail data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about audit log initialization, pausing, and stopping with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Event types being logged are updated based on the review.

To assist in satisfying the requirements of this assessment objective, NeQter helps to update and ensure that all event types in raw logs are properly indexed within NeQter’s central filesystem. As operating system and network appliance vendors update over time, NeQter will maintain current best practice to remain compatible in monitoring and collecting logs from these systems and associated vendors. Logged events are visualized in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze security-related event logs directly in the dashboard or pin them so that they can be looked at in raw log form or further parsed for the defined audit trail data in NeQter’s Discovery Tab. The [Control Operator] can save their customized search filters to monitor and send alerts with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

AU.L2-3.3.4

Alerting in the event of an audit logging process failure.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives b and c. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.   Personnel or roles to be alerted in the event of an audit logging process failure are identified.

NeQter Labs does not define this policy or process.

b.    Types of audit logging process failures for which alerts will be generated are defined.

NeQter can partially assist the [Control Operator] with this assessment objective by monitoring audit logging process failures using the following templates: Low Disk Space, No Disk Space, Backups Error, High Disk Usage (Grouped by IP address), High Memory Usage (Grouped by IP address), and High CPU Usage (Grouped by IP address). These alerts can be implemented by the [Control Operator] in NeQter’s Reports Tab and are visualized in the Health Dashboard in NeQter’s Dashboard Tab. NeQter also provides the [Control Operator] the ability to search raw logs for changes to audit logging and authentication settings with NeQter’s Discovery Tab. The [Control Operator] can save their customized search queries to configure alerts and automated monitoring with NeQter’s Reports Tab. Lastly, NeQter’s Network Monitor Tab allows the [Control Operator] to monitor defined systems and services via ICMP ping to check whether systems are responsive and, if not, send alerts to the [Control Operator] that the service is down or unresponsive.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Network Monitor Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Identified personnel or roles are alerted in the event of an audit logging process failure.

NeQter’s Network Monitor Tab allows the [Control Operator] to monitor devices via ICMP ping to ensure a system responsible for audit trail logging is responsive and, if not, send an alert to the [Control Operator] that the service is down or unresponsive. The [Control Operator] can identify the personnel or roles to be alerted using NeQter’s Reports Tab.

NeQter’s Reports Tab

NeQter’s Network Monitor Tab

NeQter’s Discover and Events Tab Video Tutorial

AU.L2-3.3.5

Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.

This process is met when using NeQter to assist.

a.    Audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity are defined.

NeQter fully assists with this assessment objective by providing the [Control Operator] with Audit, Windows, and Firewall dashboards which visualize and correlate events from raw logs generated by the native logging devices. This tool is located in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze audit record data directly in the dashboards or pin it so that it can be looked at in raw log form or further parsed for investigation and response indications in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and audit for the organizationally defined indications of unlawful, unauthorized, suspicious, or unusual activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Defined audit record review, analysis, and reporting processes are correlated.

To meet this objective, NeQter fully assists the [Control Operator] by providing a platform which centrally collects native log data so that audit record review, analysis, and reporting processes can be correlated. Dashboards which visualize data from various systems correlate events from raw logs that are of general importance to compliance and security. This tool is in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze audit record data directly in the dashboards or pin it so that it can be looked at in raw log form or further parsed for the organizationally defined audit record data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and report activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

AU.L2-3.3.6

Provide audit record reduction and report generation to support on-demand analysis and reporting.

This process is met when using NeQter to assist.

a.    An audit record reduction capability that supports on-demand analysis is provided.

To satisfy the requirements of this assessment objective, NeQter fully assists the [Control Operator] with its SIEM tools, which centrally collect native log data so that events can be analyzed and reduced on-demand. NeQter recommends reviewing the Dashboard Tab first, which reduces and visualizes audit records from the various system components. The [Control Operator] can review and analyze audit trail data directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for event types in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    A report generation capability that supports on-demand reporting is provided.

This assessment objective is assisted in full when using NeQter. The [Control Operator] can export reports on-demand in NeQter’s Discovery Tab. NeQter’s Dashboard Tab correlates, reduces and visualizes data from the various systems that are sending in audit record data. The [Control Operator] can review and analyze audit trail data directly in the dashboard or pin it, so that it can be looked at in raw log form or further filtered with NeQter’s Discovery Tab. The [Control Operator] can then save the search filter to export reports on-demand with NeQter’s Reports Tab. The report and supporting raw log entries can be exported to a CSV or JSON data file which meets the report requirements to satisfy this objective.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

AU.L2-3.3.7

Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with all objectives.

a.    Internal system clocks are used to generate time stamps for audit records.

Internal system clocks are used to generate the timestamps for audit record data sent to NeQter by the native logging devices themselves. The [Control Operator] can set NeQter’s internal system clock in NeQter’s Time Settings which is used when creating audit records and other NeQter system documentation.

NeQter’s Time Settings

b.    An authoritative source with which to compare and synchronize internal system clocks is specified.

Native logging devices are set up with their own authoritative time sources. The [Control Operator] can configure the preferred authoritative time source that is used by the native logging devices in NeQter’s Time Settings.

NeQter’s Time Settings

c.    Internal system clocks used to generate time stamps for audit records are compared to and synchronized with the specified authoritative time source.

Native logging devices synchronize time stamps with the specified authoritative time sources when logs are generated and sent to NeQter. NeQter synchronizes with its authoritative time source and time stamps log data upon ingest. The [Control Operator] can configure the preferred authoritative time source that is used by the native logging devices in NeQter’s Time Settings.

NeQter’s Time Settings

AU.L2-3.3.8

Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

This process is met when using NeQter to assist.

a.    Audit information is protected from unauthorized access.

NeQter can fully assist with this assessment objective by providing the [Control Operator] the ability to limit NeQter system access to users that have a job-related need. This authentication process protects audit trail information from unauthorized access by restricting access to the user profiles administered by the [Control Operator]. NeQter’s user accounts are managed in NeQter’s User Settings.

NeQter’s User Settings

b.    Audit information is protected from unauthorized modification.

This assessment objective is assisted in full when using NeQter, as it provides the [Control Operator] the resources to centrally collect, store, and back up all audit trail data into an indexed file system that is then unalterable by any NeQter account user including the administrator. Therefore, all audit information is protected from modification by all users, which includes those that would be considered unauthorized.

c.    Audit information is protected from unauthorized deletion.

This assessment objective is satisfied in full when using NeQter, as it provides the [Control Operator] a centralized log server that protects audit trail data from deletion by any NeQter account user including the administrator. Therefore, all audit information is protected from deletion by all users, which includes those that would be considered unauthorized.

d.    Audit logging tools are protected from unauthorized access.

In order to meet this objective, NeQter fully assists the [Control Operator] by limiting NeQter platform access to users that have a job-related need. This authentication process protects NeQter’s audit logging tools from unauthorized access by restricting access to the user profiles administered by the [Control Operator]. NeQter’s user accounts are managed in NeQter’s User Settings.

NeQter’s User Settings

e.    Audit logging tools are protected from unauthorized modification.

To satisfy the requirements of this assessment objective, NeQter fully assists the [Control Operator] in restricting the ability of any NeQter user to modify audit logging tools. NeQter’s audit logging tools are pre-configured to industry standards and are updated and modified exclusively by NeQter’s development team. For assistance with NeQter’s audit logging tools, the [Control Operator] may reach out to NeQter’s Support team.

NeQter Support Team

f.    Audit logging tools are protected from unauthorized deletion.

NeQter restricts all users from deleting audit logging tools, which satisfies the requirements of this objective. NeQter’s audit logging tools are pre-configured to industry standards and are updated, modified, and deleted exclusively by NeQter’s development team. For assistance with NeQter’s audit logging tools, the [Control Operator] may reach out to NeQter’s Support team.

NeQter Support Team

AU.L2-3.3.9

Limit management of audit logging functionality to a subset of privileged users.

This process is met when using NeQter to assist.

a.    A subset of privileged users granted access to manage audit logging functionality is defined.

NeQter can fully assist with this assessment objective by allowing the [Control Operator] to define administrator, standard, and audit NeQter system users that make up the organization-defined subset of privileged users that have a valid business justification. The various user accounts can be configured in NeQter’s User Settings.

NeQter’s User Settings

b.    Management of audit logging functionality is limited to the defined subset of privileged users.

This assessment objective is satisfied in full by allowing the [Control Operator] to designate administrator, standard, and audit NeQter system users that make up the organization-defined subset of privileged users. User accounts can be configured in NeQter’s User Settings. When reviewing audit-related privileges annually per industry standard, the [Control Operator] can trust that audit logging functionality is restricted to the defined subset of NeQter user accounts that are managed by the [Control Operator] and have a valid business justification.

NeQter’s User Settings

Configuration Management (CM)

CM.L2-3.4.1

Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective f and meets objectives d and e.

a.   A baseline configuration is established.

NeQter Labs does not define this policy or process.

b.   The baseline configuration includes hardware, software, firmware, and documentation.

NeQter Labs does not define this policy or process.

c.   The baseline configuration is maintained (reviewed and updated) throughout the system development life cycle.

NeQter Labs does not define this policy or process.

d.    A system inventory is established.

NeQter can fully assist with this assessment objective if the [Control Operator] configures and installs the provided agents to populate NeQter’s Hosts Inventory Tab.

NeQter’s Hosts Inventory Tab

e.    The system inventory includes hardware, software, firmware, and documentation.

This assessment objective is assisted in full when using NeQter which tracks and monitors changes to hardware, software, firmware, and documentation.

NeQter’s Hosts Inventory Tab

f.    The inventory is maintained (reviewed and updated) throughout the system development life cycle.

NeQter can partially assist with this assessment objective by giving the [Control Operator] the ability to view the device inventory that makes up the organizationally defined baseline configuration in NeQter’s Hosts Inventory Tab.

NeQter’s Hosts Inventory Tab

CM.L2-3.4.3

Track, review, approve or disapprove, and log changes to organizational systems.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b and meets objectives a and d. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.    Changes to the system are tracked.

NeQter can fully assist with this assessment objective by visualizing configuration-controlled changes in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze configuration-controlled changes directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for detailed content in NeQter’s Discovery Tab.

The [Control Operator] can save the search filter to track and send alerts about system changes with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Changes to the system are reviewed.

NeQter can partially assist with this assessment objective by giving the [Control Operator] a visualization of system changes in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze configuration-controlled changes directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

c.   Changes to the system are approved or disapproved.

NeQter Labs does not define this policy or process.

d.    Changes to the system are logged.

This assessment objective is assisted in full when using NeQter by giving the [Control Operator] a visualization of configuration-controlled changes in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze system changes directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for audit records in NeQter’s Discovery Tab. The [Control Operator] can save their customized search filters to monitor and report changes with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

CM.L2-3.4.7

Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives c, f, i, l and o. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    Essential programs are defined.

NeQter Labs does not define this policy or process.

b.    The use of nonessential programs is defined.

NeQter Labs does not define this policy or process.

c.    The use of nonessential programs is restricted, disabled, or prevented as defined.

In order to partially assist with this assessment objective, NeQter visualizes application and program activity in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze program data directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for program usage data in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about the use of programs with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

d.    Essential functions are defined.

NeQter Labs does not define this policy or process.

e.    The use of nonessential functions is defined.

NeQter Labs does not define this policy or process.

f.    The use of nonessential functions is restricted, disabled, or prevented as defined.

To partially assist with this assessment objective, NeQter visualizes function activity in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze functions directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for function-related data in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about function use with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

g.    Essential ports are defined.

NeQter Labs does not define this policy or process.

h.    The use of nonessential ports is defined.

NeQter Labs does not define this policy or process.

i.    The use of nonessential ports is restricted, disabled, or prevented as defined.

This assessment objective is addressed using NeQter, which partially assists in visualizing open port activity in the Vulnerability and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze port activity directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for port details in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about ports with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

j.    Essential protocols are defined.

NeQter Labs does not define this policy or process.

k.    The use of nonessential protocols is defined.

NeQter Labs does not define this policy or process.

l.    The use of nonessential protocols is restricted, disabled, or prevented as defined.

NeQter assists in satisfying the requirement of this assessment objective by visualizing protocol use in the Vulnerability and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze protocol use directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for protocol details in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to monitor and send alerts about the use of protocols with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

m.    Essential services are defined.

NeQter Labs does not define this policy or process.

n.    The use of nonessential services is defined.

NeQter Labs does not define this policy or process.

o.    The use of nonessential services is restricted, disabled, or prevented as defined.

NeQter can partially assist with this assessment objective by visualizing service activity in the Windows, Vulnerability and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze service use directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for service activity in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about service activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

CM.L2-3.4.9

Control and monitor user-installed software.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives b and c. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.    A policy for controlling the installation of software by users is established.

NeQter Labs does not define this policy or process.

b.    Installation of software by users is controlled based on the established policy.

NeQter Labs does not define this policy or process.

c.    Installation of software by users is monitored.

To partially assist with this assessment objective, NeQter gives the [Control Operator] the ability to view software in the device inventory that makes up the organizationally defined baseline configuration in NeQter’s Hosts Inventory Tab. NeQter can visualize the installation of software in the Windows dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze installation logs directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for the user and software installed in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about software installation with NeQter’s Reports Tab.

NeQter’s Hosts Inventory Tab

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

Identification & Authentication (IA)

IA.L1-3.5.1

Identify information system users, processes acting on behalf of users, or devices.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives a and b and meets objective c.

a.    System users are identified.

In order to partially assist with this assessment objective, NeQter visualizes system users in the Windows, G-Suite, and Office 365 dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze the activity of system users directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for system user data in NeQter’s Discovery Tab. Industry standard recommends a quarterly review of the privileges given to system users to conform to the principle of least privilege.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Processes acting on behalf of users are identified.

NeQter can partially assist with this assessment objective by visualizing processes of the system users in the Windows, G-Suite, and Office 365 dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze the activity of processes directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for process data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about process activity with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Devices accessing the system are identified.

To fully assist with this assessment objective, NeQter identifies devices accessing the system with NeQter’s Hosts Inventory Tool. NeQter can also visualize connected devices in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze connected device activity directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for data in NeQter’s Discovery Tab. The [Control Operator] can save the search filter to monitor and send alerts about connected devices with NeQter’s Reports Tab.

NeQter’s Hosts Inventory Tab

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

Incident Response (IR)

IR.L2-3.6.1

Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives c and d. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    An operational incident-handling capability is established.

NeQter Labs does not define this policy or process.

b.    The operational incident-handling capability includes preparation.

NeQter Labs does not define this policy or process.

c.    The operational incident-handling capability includes detection.

NeQter can partially assist with this assessment objective by visualizing security-related events in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze logs from detection systems directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for detection details in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts to report detected incidents with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

d.    The operational incident-handling capability includes analysis.

In order to partially assist with this assessment objective, NeQter visualizes security-related events in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze logs from detection systems directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for event details in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

e.    The operational incident-handling capability includes containment.

NeQter Labs does not define this policy or process.

f.    The operational incident-handling capability includes recovery.

NeQter Labs does not define this policy or process.

g.    The operational incident-handling capability includes user response activities.

NeQter Labs does not define this policy or process.

IR.L2-3.6.2

Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives a and b. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    Incidents are tracked.

To partially assist with this assessment objective, NeQter visualizes security-related incidents in the Windows, Firewall and Vulnerability dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze logs from detection systems directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for system weaknesses, deficiencies, and vulnerabilities in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate detection monitoring and send alerts to the [Control Operator] about suspected cybersecurity events with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Incidents are documented.

This assessment objective is addressed using NeQter, which partially assists by visualizing security-related incidents in the Windows, Firewall and Vulnerability dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze logs from detection systems directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for system weaknesses, deficiencies, and vulnerabilities in NeQter’s Discovery Tab. The [Control Operator] can then export documentation to a CSV or JSON data file from within NeQter’s Discovery Tab. This data file satisfies the requirement to meet this objective.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Authorities to whom incidents are to be reported are identified.

NeQter Labs does not define this policy or process.

d.    Organizational officials to whom incidents are to be reported are identified.

NeQter Labs does not define this policy or process.

e.    Identified authorities are notified of incidents.

NeQter Labs does not define this policy or process.

f.    Identified organizational officials are notified of incidents.

NeQter Labs does not define this policy or process.

Media Protection (MP)

MP.L2-3.8.8

Prohibit the use of portable storage devices when such devices have no identifiable owner.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with this objective.

a.    The use of portable storage devices is prohibited when such devices have no identifiable owner.

To assist in satisfying the requirements of this assessment objective, NeQter can visualize portable storage devices in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze portable storage use directly in the dashboards or pin them, so that they can be looked at in raw log form or further parsed for usage data in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to monitor and alert on the use of portable storage devices with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

Risk Management (RM)

RM.L2-3.11.2

Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective a and meets all the following objectives.

a.    The frequency to scan for vulnerabilities in organizational systems and applications is defined.

NeQter can partially assist with this assessment objective by providing the [Control Operator] a platform to scan organizational systems and applications for vulnerabilities using NeQter’s Vulnerability Scanner. It is up to the [Control Operator] to define the frequency of scans but once configured NeQter will scan depending on the set frequency.

NeQter’s Vulnerability Scanner

NeQter’s Vulnerability Scanner Video Tutorial

b.    Vulnerability scans are performed on organizational systems with the defined frequency.

NeQter can fully assist with this assessment objective by providing the [Control Operator] a platform to scan organizational systems and applications for vulnerabilities using NeQter’s Vulnerability Scanner. It is up to the [Control Operator] to define the frequency of scans but once configured NeQter will scan depending on the set frequency.

NeQter’s Vulnerability Scanner

NeQter’s Vulnerability Scanner Video Tutorial

c.    Vulnerability scans are performed on applications with the defined frequency.

In order to meet this objective, NeQter fully assists by providing the [Control Operator] a platform to scan organizational systems and applications for vulnerabilities using NeQter’s Vulnerability Scanner. It is up to the [Control Operator] to define the frequency of scans but once configured NeQter will scan depending on the set frequency.

NeQter’s Vulnerability Scanner

NeQter’s Vulnerability Scanner Video Tutorial

d.    Vulnerability scans are performed on organizational systems when new vulnerabilities are identified.

This assessment objective is assisted in full when using NeQter by providing the [Control Operator] a platform to scan organizational systems and applications for vulnerabilities using NeQter’s Vulnerability Scanner. It is up to the [Control Operator] to define the frequency of scans but once configured NeQter will scan depending on the set frequency. NeQter’s scanner is configured to update automatically to keep the list of vulnerability signatures up to date.

NeQter’s Vulnerability Scanner

NeQter’s Vulnerability Scanner Video Tutorial

e.    Vulnerability scans are performed on applications when new vulnerabilities are identified.

To satisfy the requirements of this assessment objective, NeQter fully assists the [Control Operator] by providing a platform to scan organizational systems and applications for vulnerabilities using NeQter’s Vulnerability Scanner. It is up to the [Control Operator] to define the frequency of scans but once configured NeQter will scan depending on the set frequency. NeQter’s scanner is configured to update automatically to keep the list of vulnerability signatures up to date.

NeQter’s Vulnerability Scanner

NeQter’s Vulnerability Scanner Video Tutorial

RM.L2-3.11.3

Remediate vulnerabilities in accordance with risk assessments.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b and meets objective a with assistance.

a.    Vulnerabilities are identified.

NeQter can fully assist with this assessment objective by providing the [Control Operator] a platform to scan organizational systems and applications for vulnerabilities using NeQter’s Vulnerability Scanner. Detected vulnerabilities are visualized via a dashboard in NeQter’s Dashboard Tab. It is up to the [Control Operator] to define the frequency of scans but once configured NeQter will scan depending on the set frequency. NeQter’s scanner is configured to update automatically to keep the list of vulnerability signatures up to date.

NeQter’s Vulnerability Scanner

NeQter’s Dashboard Tab

NeQter’s Vulnerability Scanner Video Tutorial

b.    Vulnerabilities are remediated in accordance with risk assessments.

NeQter can partially assist with this assessment objective by offering general guidance on how to remediate the vulnerability and then by running another vulnerability scan using NeQter’s Vulnerability Scanner to prove that the vulnerability has been remediated.

NeQter’s Vulnerability Scanner

NeQter’s Vulnerability Scanner Video Tutorial

Security Assessment (CA)

CA.L2-3.12.2

Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives a and b. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.    Deficiencies and vulnerabilities to be addressed by the plan of action are identified.

This assessment objective is addressed using NeQter, which partially assists by providing the [Control Operator] a platform to scan organizational systems and applications for vulnerabilities using NeQter’s Vulnerability Scanner. NeQter can help the [Control Operator] identify deficiencies from the raw logs of the organization’s native logging devices. The [Control Operator] can search raw logs for data related to deficiencies in NeQter’s Discovery Tab.

NeQter’s Vulnerability Scanner

NeQter’s Dashboard Tab

NeQter’s Discover and Events Tab Video Tutorial

NeQter’s Vulnerability Scanner Video Tutorial

b.    A plan of action is developed to correct identified deficiencies and reduce or eliminate identified vulnerabilities.

To assist in satisfying the requirements of this assessment objective, NeQter provides the [Control Operator] a platform to write a plan of action or POA&M in NeQter’s Compliance Tab. The POA&M can be exported as a PDF document for distribution.

NeQter’s Compliance Tab

c.    The plan of action is implemented to correct identified deficiencies and reduce or eliminate identified vulnerabilities.

NeQter Labs does not define this policy or process.

CA.L2-3.12.4

Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with all assessment objectives.

a.    A system security plan is developed.

In order to partially assist with this assessment objective, NeQter gives the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab. The compliance tool can export the SSP as a PDF document.

NeQter’s Compliance Tab

b.    The system boundary is described and documented in the system security plan.

To partially assist with this assessment objective, NeQter gives the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab. The compliance tool allows the [Control Operator] to upload supporting documents.

NeQter’s Compliance Tab

c.    The system environment of operation is described and documented in the system security plan.

This assessment objective is addressed using NeQter, which partially assists by giving the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab. The compliance tool allows the [Control Operator] to upload supporting documents.

NeQter’s Compliance Tab

d.    The security requirements identified and approved by the designated authority as non-applicable are identified.

NeQter assists in satisfying the requirements of this assessment objective by giving the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab.

NeQter’s Compliance Tab

e.    The method of security requirement implementation is described and documented in the system security plan.

To assist in satisfying the requirements of this assessment objective, NeQter gives the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab. The compliance tool allows the [Control Operator] to upload supporting documents.

NeQter’s Compliance Tab

f.    The relationship with or connection to other systems is described and documented in the system security plan.

NeQter can partially assist with this assessment objective by giving the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab. The compliance tool allows the [Control Operator] to upload supporting documents.

NeQter’s Compliance Tab

g.    The frequency to update the system security plan is defined.

In order to partially assist with this assessment objective, NeQter gives the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab. The compliance tool uses version tracking so that updates are time stamped.

NeQter’s Compliance Tab

h.    System security plan is updated with the defined frequency.

To partially assist with this assessment objective, NeQter gives the [Control Operator] a platform to author a system security plan based on the CMMC and NIST frameworks in NeQter’s Compliance Tab. The compliance tool uses version tracking so that updates are time stamped.

NeQter’s Compliance Tab

System & Communications Protection (SC)

SC.L1-3.13.1

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objectives a, b, c, and d. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    The external system boundary is defined.

This assessment objective is addressed using NeQter, which partially assists the [Control Operator] in monitoring organizationally defined external system boundaries by centrally collecting the raw log data from the organization’s networking devices. NeQter visualizes external system boundary traffic in the Firewall dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze external boundary traffic directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for communications across key external boundaries in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Key internal system boundaries are defined.

To assist in satisfying the requirements of this assessment objective, NeQter allows the [Control Operator] to monitor organizationally defined internal system boundaries by centrally collecting the raw log data from the organization’s networking devices. NeQter visualizes internal system boundary traffic in the Firewall dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze internal boundary traffic directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for communications across key internal boundaries in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Communications are monitored at the external system boundary.

NeQter can partially assist with this assessment objective by allowing the [Control Operator] to monitor organizationally defined external system boundaries by centrally collecting the raw log data from the organization’s networking devices. NeQter visualizes external system boundary traffic in the Firewall dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze external boundary traffic directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for communications across key external boundaries in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about communications with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

d.    Communications are monitored at key internal boundaries.

In order to partially assist with this assessment objective, NeQter assists the [Control Operator] in monitoring organizationally defined internal system boundaries by centrally collecting the raw log data from the organization’s networking devices. NeQter visualizes internal system boundary traffic in the Firewall dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze internal boundary traffic directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for communications across key internal boundaries in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about communications with NeQter’s Reports Tab.

NeQter’s Discovery Tab

NeQter’s Dashboard Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

e.    Communications are controlled at the external system boundary.

NeQter Labs does not define this policy or process.

f.    Communications are controlled at key internal boundaries.

NeQter Labs does not define this policy or process.

g.    Communications are protected at the external system boundary.

NeQter Labs does not define this policy or process.

h.    Communications are protected at key internal boundaries.

NeQter Labs does not define this policy or process.

SC.L2-3.13.7

Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with the objective.

a.    Remote devices are prevented from simultaneously establishing non-remote connections with the system and communicating via some other connection to resources in external networks (i.e., split tunneling).

NeQter can partially assist with this assessment objective by visualizing remote devices in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze remote device data directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for split tunneling evidence in NeQter’s Discovery Tab. The [Control Operator] can save their custom search filters to monitor and send alerts about split tunneling with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

SC.L2-3.13.14

Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b. The other objective is a policy or process which is the responsibility of the [Control Operator].

a.    Use of Voice over Internet Protocol (VoIP) technologies is controlled.

NeQter Labs does not define this policy or process.

b.    Use of Voice over Internet Protocol (VoIP) technologies is monitored.

To partially assist with this assessment objective, NeQter visualizes VoIP devices in the Windows and Firewall dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze VoIP devices directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for VoIP data in NeQter’s Discovery Tab. The [Control Operator] can save their custom search filters to monitor and send alerts about VoIP with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

System & Information Integrity (SI)

SI.L1-3.14.1

Identify, report, and correct information and information system flaws in a timely manner.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with all objectives.

a.    The time within which to identify system flaws is specified.

To partially assist with this assessment objective, NeQter allows the [Control Operator] to schedule vulnerability scans in NeQter’s Vulnerability Scanner. NeQter can also visualize system flaws in the Windows and Health dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze system flaws directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab. The [Control Operator] can save the search filters to monitor and send alerts about identified system flaws and software updates with NeQter’s Reports Tab.

NeQter’s Vulnerability Scanner

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Vulnerability Scanner Video Tutorial

NeQter’s Discover and Events Tab Video Tutorial

b.    System flaws are identified within the specified time frame.

This assessment objective is addressed using NeQter, which partially assists by allowing the [Control Operator] to schedule vulnerability scans in NeQter’s Vulnerability Scanner. NeQter can also visualize system flaws in the Windows and Health dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze system flaws directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab. The [Control Operator] can save the search filters to monitor and send alerts about identified system flaws and software updates with NeQter’s Reports Tab.

NeQter’s Vulnerability Scanner

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Vulnerability Scanner Video Tutorial

NeQter’s Discover and Events Tab Video Tutorial

c.    The time within which to report system flaws is specified.

To assist in satisfying the requirements of this assessment objective, NeQter allows the [Control Operator] to schedule vulnerability scans in NeQter’s Vulnerability Scanner. NeQter can also visualize system flaws in the Windows and Health dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze system flaws directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab. The [Control Operator] can save the search filters to monitor and send alerts about identified system flaws and software updates with NeQter’s Reports Tab.

NeQter’s Vulnerability Scanner

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Vulnerability Scanner Video Tutorial

NeQter’s Discover and Events Tab Video Tutorial

d.    System flaws are reported within the specified time frame.

NeQter can partially assist with this assessment objective by allowing the [Control Operator] to schedule vulnerability scans in NeQter’s Vulnerability Scanner. NeQter can also visualize system flaws in the Windows and Health dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze system flaws directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab. The [Control Operator] can save the search filters to monitor and send alerts about identified system flaws and software updates with NeQter’s Reports Tab.

NeQter’s Vulnerability Scanner

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Vulnerability Scanner Video Tutorial

NeQter’s Discover and Events Tab Video Tutorial

e.    The time within which to correct system flaws is specified.

In order to partially assist with this assessment objective, NeQter recommends installing critical security patches within 30 days and non-critical security patches within 90 days of the vendor’s release date.

f.    System flaws are corrected within the specified time frame.

To satisfy the requirements of this assessment objective, NeQter allows the [Control Operator] to re-scan for patched vulnerabilities with NeQter’s Vulnerability Scanner. NeQter also visualizes system flaws in the Health dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze patched system flaws directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab.

NeQter’s Vulnerability Scanner

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Vulnerability Scanner Video Tutorial

NeQter’s Discover and Events Tab Video Tutorial

SI.L2-3.14.3

Monitor system security alerts and advisories and take action in response.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with objective b. The other objectives are policies and processes which are the responsibility of the [Control Operator].

a.    Response actions to system security alerts and advisories are identified.

NeQter Labs does not define this policy or process.

b.    System security alerts and advisories are monitored.

NeQter can partially assist the [Control Operator] with this assessment objective by visualizing system security alerts in the Windows, Audit, Vulnerability, and Firewall dashboards found in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze system security alerts directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about system security alerts with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Actions in response to system security alerts and advisories are taken.

NeQter Labs does not define this policy or process.

SI.L2-3.14.6

Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with all objectives.

a.    The system is monitored to detect attacks and indicators of potential attacks.

In order to partially assist with this assessment objective, NeQter visualizes attack indicators in the Windows, Audit, Vulnerability, and Firewall dashboards found in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze system security alerts directly in the dashboard or pin them, so that they can be looked at in raw log form or further parsed for details in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about indications of potential attacks with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Inbound communications traffic is monitored to detect attacks and indicators of potential attacks.

To partially assist with this assessment objective, NeQter allows the [Control Operator] to monitor inbound communications traffic by centrally collecting the raw log data from the organization’s networking devices. NeQter visualizes inbound communications traffic in the Firewall dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze inbound communications traffic directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for communications across key boundaries in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about communications with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

c.    Outbound communications traffic is monitored to detect attacks and indicators of potential attacks.

This assessment objective is addressed using NeQter, which partially assists by allowing the [Control Operator] to monitor outbound communications traffic by centrally collecting the raw log data from the organization’s networking devices. NeQter visualizes outbound communications traffic in the Firewall dashboard available in NeQter’s Dashboard Tab. The [Control Operator] can review and analyze outbound communications traffic directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for communications across key boundaries in NeQter’s Discovery Tab. The [Control Operator] can save their search filters to automate monitoring and send alerts about communications with NeQter’s Reports Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Reports Tab

NeQter’s Discover and Events Tab Video Tutorial

SI.L2-3.14.7

Identify unauthorized use of organizational systems.

This process is a partial meet using NeQter. NeQter can help the [Control Operator] with all objectives.

a.    Authorized use of the system is defined.

To assist in satisfying the requirements of this assessment objective, NeQter visualizes the use of systems in the Windows, G-Suite, and Office 365 dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze the activity of systems directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for user data in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial

b.    Unauthorized use of the system is identified.

To assist in meeting this assessment objective, NeQter visualizes the use of systems in the Windows, G-Suite, and Office 365 dashboards available in NeQter’s Dashboard Tab. The [Control Operator] can filter and analyze the activity of systems directly in the dashboard or pin it, so that it can be looked at in raw log form or further parsed for user data in NeQter’s Discovery Tab.

NeQter’s Dashboard Tab

NeQter’s Discovery Tab

NeQter’s Discover and Events Tab Video Tutorial