We’ve said it before: The Department of Defense Cybersecurity Maturity Model Certification (CMMC) Program is extremely complex. Contractors working within the Department of Defense supply chain must create detailed processes to show they can satisfy the DoD’s tightened data security requirements.
As a first step, contractors should focus on successfully auditing their practices and meeting CMMC compliance standards. To help them succeed in this new environment, SP6 is introducing CMMC Guardian, a Splunk-powered app.
We developed CMMC Guardian to work with the data collected by Splunk using security tools designed for incident monitoring. Some SP6 clients currently use Splunk as a Security Information and Event Management solution, or SIEM, for troubleshooting.
What Makes SP6 CMMC Guardian Unique?
Unlike other CMMC evidence collection and auditing tools on the market, the SP6 CMMC Guardian app takes Splunk SIEM data and configures it for compliance purposes.
“We have the only app out there leveraging SIEM data to provide real-time compliance alerting, so you know when it’s necessary to take action,” said Jon Papp, SP6 ‘s Vice President of Services and Solutions, and the leader of the company’s CMMC team.
“You can apply it to your organizational CMMC controls and see where you’re compliant or non-compliant.”
Splunk already automates log collection by ingesting data from remote systems, and can parse it and categorize it for reporting purposes. This alleviates the need for a VPN and a log export, which is a manual and time-consuming process.
In the SP6 CMMC Guardian app, you can create dashboards on a per-control basis. There are 110 controls in CMMC, which are aligned with NIST 800-171 standards. Of these 110 controls, 56 can currently be automated, Papp said.
At the same time the DoD transformed CMMC 1.0, the original program, into CMMC 2.0, SP6 adjusted the CMMC Guardian app to reflect the modifications.
CMMC Guardian Product Features
The SP6 CMMC Guardian solution provides continuous, real-time machine-generated inputs and alerts to find compliance gaps. It can either be web-based or an app if you have Splunk.
Other key features include:
- End-user security awareness training and tutorials for your security engineers provided by SP6 CMMC and Splunk experts.
- Assessment of open source or licensed tool options.
- Access to customizable InfoSec policy documents for CMMC – free of charge.
- Policy & Practices Connector: correlation rules check tool configurations against InfoSec policy.
- Assistance selecting the cyber tools CMMC requires.
SP6 Takes a Holistic Approach to CMMC
With CMMC Guardian, SP6 delivers the many components of CMMC into a single solution. You won’t have to spend time searching for this piece of CMMC with one vendor, or that piece with another vendor.
Furthermore, the CMMC Accreditation Body (CMMC-AB) has designated SP6 as a Registered Provider Organization (RPO). This means you can be confident our CMMC team knows what it’s doing!
If you need assistance, we’re ready and willing to help. It doesn’t matter where you are in the CMMC compliance process. Our experts will analyze your needs and consider your budget before recommending what your next steps should be.
For more details on the SP6 CMMC Guardian solution, contact us to schedule a free consultation.