If you’re like most people, you probably don’t enjoy authoring policies. Especially because you probably already have a full-time job to do… This is why Pivot Point Security created Policy Automator—to streamline and simplify the massive, never-ending task of ensuring you have the comprehensive and up-to-date policies, standards, and procedures you need to achieve and maintain compliance with ISO 27001, CMMC, and/or other frameworks.
Policy Automator gives you:
- A simple, elegant way to generate the comprehensive (200+ pages) policy documentation required to achieve and maintain compliance and certification with ISO 27001, CMMC, etc.
- Policy templates proven to help our clients achieve certification/compliance and maintain a robust security posture.
- Microsoft Word, PDF, and HTML versions of your policies for internal use.
- Secured, redacted copies of your policies for external use (e.g., secure sharing with clients/assessors).
MON-02(a) Correlate Monitoring Information
The organization correlates information from monitoring tools employed throughout the organization.
ACME will correlate information from monitoring tools employed throughout the organization.
Correlating information from different monitoring tools can provide a more comprehensive view of information system activity. The correlation of monitoring tools that usually work in isolation (e.g., host monitoring, network monitoring, anti-virus software) can provide an organization-wide view and, in so doing, may reveal otherwise unseen attack patterns. Understanding the capabilities and limitations of diverse monitoring tools, and how to maximize the utility of the information those tools generate, can help organizations build, operate and maintain effective monitoring programs.
Cyber Defense Analyst, in conjunction with Systems Security Developer, Network Operations Specialist, System Administrator and Cyber Defense Incident Responder:
(1) Uses vendor-recommended settings and industry-recognized secure practices that enable the implementation of appropriate physical, administrative and technical mechanisms to utilize the Alien Vault USM (SIEM), log review process to correlate information from monitoring tools (e.g., host monitoring, network monitoring, Sophos, etc.) to provide a more comprehensive view of network and system activities.
(2) On at least an annual basis, during the 4th quarter of the calendar year, reviews the process for non-conforming instances. As needed, revises processes to address necessary changes and evolving conditions. Whenever the process is updated:
- Distributes copies of the change to key personnel; and
- Communicates the changes and updates to key personnel.
(3) If necessary, requests corrective action to address identified deficiencies.
(4) If necessary, validates corrective action occurred to appropriately remediate deficiencies.
(5) If necessary, documents the results of corrective action and findings.
(6) If necessary, requests additional corrective action to address unremediated deficiencies.
US CMMC v1.02 – AU.3.051, AU.4.054, SI.2.217