Any organization seeking to meet NIST compliance requirements needs to show proof of their compliance – Blumira’s SIEM quickly and easily provides the reports you need for certain NIST controls.
What is NIST?
The National Institute of Standards and Technology Special Publication (NIST SP) 800-171 is a set of compliance controls and security framework that applies to non-federal agencies that work with government entities. That includes any government contractors and subcontractors. It provides guidance on how to handle and secure Controlled Unclassified Information (CUI).
What is a NIST Assessment?
Organizations are responsible for ensuring their own compliance with NIST by using a third-party firm to conduct an audit. During an audit, the auditor will examine your security systems and measures and compare them to NIST compliance requirements.
How Can Blumira Help With NIST?
Now, Blumira users can use our pre-built global reports to demonstrate compliance with NIST controls. These reports list out log data collected from your environment through any integrations you have set up with Blumira’s SIEM.
Which Reports Map to Which NIST Controls?
See which Blumira reports map to which NIST 800-171 controls so you can easily hand over pre-built reports to your auditor to prove your compliance. Please note that each report is available for certain integrations, which are listed under each report below:
|NIST 800-171 Controls||Blumira Report|
|NIST 3.1 Access Control|
3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
|(NIST) Unauthorized Access Attempts
Blumira’s report lists out all failed login attempts, access denied events, etc. over the last 90 days. This verifies proper logging and monitoring of access.
Available for: Windows & Linux
|3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute.||(NIST) Service Account Access
This report lists all service account login events to help you confirm appropriate use of these accounts.
Available for: Azure & Windows
|3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts.||(NIST) User Entitlement
This report shows all user permissions and roles to validate proper access controls and least privilege.
Available for: Azure AD, GSuite (Now Google Workspace) & Windows
|3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.||(NIST) Privilege Elevations
Blumira's report shows all instances where user privileges were temporarily escalated, such as sudo commands. This verifies proper approval and monitoring.
Available for: Windows & Linux
|3.1.12 Monitor and control remote access sessions||(NIST) VPN Connection
This lists all VPN connection events for remote users within your environment. This validates connections were authorized.
Available for: Fortigate, GlobalProtect, Cisco ASA, SonicWall, Sophos, & WatchGuard
|NIST 3.3 Audit & Accountability|
3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
|(NIST) Audit Logs & Records
This report shows your "earliest" log by type to help you prove data retention and show length of time period.
|NIST 3.4 Configuration Management|
3.4.3 Track, review, approve or disapprove, and log changes to organizational systems.
|(NIST) Configuration Changes
Blumira's report lists all configuration changes made to systems and devices over the last 90 days, such as firewall changes. This verifies proper change management.
Available for: Cisco ASA, Fortigate, & Palo Alto
|NIST 3.14 System & Information Integrity|
3.14.2 Provide protection from malicious code at designated locations within organizational systems.
|(NIST) Malware Detection
This report lists out instances where anti-malware tools detected malware over a certain time period.
Available for: Microsoft 365, Carbon Black, CrowdStrike, Cylance, Defender
How Can I Access the Reports?
Blumira customers on paid editions can use global and saved reports to easily access the NIST compliance reports, as well as many other reports to analyze the logged events that you send Blumira. This is useful for conducting activities like:
- Digital forensics and incident response (DFIR) work
- Threat hunting
- General operational monitoring
To view a NIST global report or one of your saved reports, follow these easy steps:
Click Load Saved Report. Type “NIST” into the search box at the top of the Saved Reports screen.
In the Saved Reports window, click the report that you want to use.
Note: You can type a name or keyword to filter the list or scroll to find a specific report. When you search “NIST,” the compliance reports you can view will vary based on which integrations you currently have set up for your organization.
Get more tips on how to use Blumira’s Report Builder in our documentation article, Using global and saved reports.
Here’s a full list of the compliance reports available:
Note: These screenshots show a universal environment with all possible integrations set up; customers will only see the reports relevant to their actual integrations
Best Practices For Using These NIST Reports
To ensure you’re ready for your NIST compliance audit, we recommend using our Scheduled Reports feature to run them every month and send them to your email account. If you set up a folder that contains all of these regularly-run reports, you’ll be ready to hand them over to a third-party auditor at any time.
Provide your auditor with time/date-stamped documents that clearly show that you’re complying with the framework to ensure your audit goes smoothly.
Learn More About NIST Compliance & Blumira
Blumira can help support organizations with NIST 800-171 controls 3.3.1-3.3.9 on Audit and Accountability. Learn more about NIST 800-171 & Blumira.
- NIST Special Publication 800-171 Revision 2 – PDF of the compliance requirements
- The CTO Agency Case Study – The CTO Agency (an MSP) needed a solution that met strict NIST compliance controls, including logging, SIEM and alerting of anomalous activity.
- NIST Cybersecurity Framework: What You Should Know – Learn more about the five pillars of the NIST Cybersecurity Framework to build and improve on your information security program.