Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CMMC - Data Protection

by Cody Dumont
July 1, 2020

CMMC - Data Protection

The Cybersecurity Maturity Model Certification (CMMC) was developed to create a framework to assess an organization's implementation of cybersecurity practices evenly across the defense industrial base. Using NIST 800-53 and NIST 800-171 as the baseline, the primary objective of CMMC is to consolidate the two security catalogs into a single measurable framework. Over the next 5 years, starting in June 2020, organizations that create Government off-the-shelf (GOTS) products, handle Federal Contract Information (FCI), or Controlled Unclassified Information (CUI) will need to show compliance at 1 of the 5 levels. Only Certified 3rd Party Assessment Organizations (C3PAO) will be able to certify an organization as compliant or not. Tenable.sc provides on-prem solutions for assessing Cyber Exposure practices and maps these practices to known assessment regulations such as NIST, CSF, and others. Tenable.sc provides on-prem solutions for assessing Cyber Exposure practices and maps these practices to the CMMC security domains: Media Protection (MP), System & Communications Protection (SC), System & Information Integrity (SI).  

The security operations team works diligently every day to protect data and ensure that only the authorized users have access to data.  However, data breaches happen daily, not due to a lack of effort. When a user arbitrarily uses applications that don’t protect data, or saves an attachment to their desktop, data may bypass even with the best controls. Tenable.sc uses Nessus Network Monitor (NNM) to monitor traffic that passes through the network. NNM assists the security operations team with controls related to “SC.3.185: Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.”  By passively detecting data exfiltration, NNM can detect open passwords, SSN, and other PII that could be passing in the clear.  

There are many other SC controls that discuss controlling how data at rest is stored, or that discuss USB or removable media. Tenable.sc comes with several audit files that search systems for Personal Identifiable Information (PII). These audit files are designed to look for different categories of PII, for example Social Security Number (By State), Phone No. and Address Info, Financial Statement, and many more. In combination with other configuration audits, the security operations team can thoroughly check all systems on the network for unauthorized data, and configurations that are out of compliance with data leakage prevention regulations. 

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The dashboard requirements are:

  • Tenable.sc 5.12.0
  • Nessus 8.9.0
  • Compliance Data

Tenable.sc Continuous View (CV) is the market-defining On-Prem Cyber Exposure Platform. Tenable.sc CV provides the ability to continuously Assess an organization’s adherence to best practice configuration baselines. Tenable.sc provides customers with a full and complete Cyber Exposure platform for completing an effective cybersecurity practices prescribed by CMMC standard.

Components

Data Leakage Monitoring - Top Subnets with the Most Passive Detections: This table presents the top Class C subnets with the most passive detections of data leakage. These passive detections are vulnerabilities reported by the Nessus Network Monitor (NNM) in the “Data Leakage” plugin family. The list is ordered so that the subnet with the highest number of detected data leakage activity is at the top. Activity highlighted within this component may include leakage of user credentials, Social Security numbers, file uploads, clear text transmission of credit card numbers, and more. A count of detections and a bar graph indicating the severity of the detections are given for each subnet.

Sensitive Data - Systems with Sensitive Data: This component presents a summary of systems with files that contain sensitive data. In order to identify systems with sensitive data, audit files from the Windows and Unix File Content Template folders are required. Information presented within this component will detect systems with credit card data, Social Security numbers, corporate source code, and other forms of Personally Identifiable Information (PII) stored on them. Systems with the highest number of detections of sensitive data stored on them are at the top of the list. Analysts can modify the component to include additional or specific information per organization requirements.

Data Protection - Data Protection Compliance Concerns: This component presents indicators that highlight compliance concerns associated with data, communication, and media protection. Red indicators are triggered when one or more compliance concerns have failed the compliance check or are out of the compliance range. Clicking on the indicator will bring up the vulnerability analysis screen to display details on the compliance concerns. Compliance issues highlighted within this component may indicate services that need to be disabled, permission changes, and other system hardening controls. The data should be reviewed by security teams to determine the level of risk to the organization.

CSF - Mobile Devices and Removable Media: This component assists an organization in monitoring mobile devices and removable media. Indicators are highlighted purple for mobile devices detected through active and passive scans, and for mobile devices managed through an MDM server. Indicators are also presented for device connection histories, vulnerabilities, and USB events. Additional indicators are highlighted red for compliance failures related to portable devices and removable media. Clicking on a highlighted indicator will bring up the analysis screen to display details on the detections and events and allow further investigation.

Data Leakage Monitoring - Vulnerabilities that Could Lead to Data Leakage: This component presents indicators by keyword for actively and passively detected vulnerabilities that could lead to data leakage. Vulnerabilities at all severity levels except Informational are included. The keywords cover disclosures, cryptographic issues, man-in-the-middle vulnerabilities, and weak authentication concerns. A purple indicator means that one or more vulnerabilities contain the keyword. Clicking on the indicator will bring up the analysis screen to display details on the vulnerabilities. In the analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities are present. This component can be used to investigate vulnerabilities that could lead to data leakage.

Data Leakage Monitoring - Indicators: This component presents warning indicators to draw attention to types of data that may have been leaked and methods whereby data may be leaking. These indicators make use of both passive detections and events logged within the last 72 hours. A purple indicator highlights a vulnerability/event detection. In two cases (Credit Card Number and Social Security Number), there are two indicators: one to highlight data leakage detected passively and one to highlight data leakage detected through logged events. Clicking on a highlighted indicator will bring up the analysis screen to display details on the vulnerabilities/events. In the analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities/events are present. This component can be used to further investigate any data leakage.

Data Protection - Vulnerabilities that Could Lead to Information Disclosure: This component presents a list of actively and passively detected vulnerabilities that could lead to data disclosure. Vulnerabilities at all severity levels except Informational are included. The keywords cover disclosures, cryptographic issues, man-in-the-middle vulnerabilities, and weak authentication concerns. Clicking on the Browse Component Data icon will bring up the vulnerability analysis screen to allow further investigation of the vulnerabilities. In the analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities are present. This component is used to strengthen security controls and better protect data.

Data Leakage Monitoring - Top 10 Most Prevalent Passive Detections: This table presents the top 10 most prevalent passive detections of data leakage. These passive detections are vulnerabilities reported by NNM in the 'Data Leakage' plugin family. A count of detections is given for each vulnerability; the list is ordered so that the vulnerability with the greatest number of detections is at the top. The severity of the vulnerability and a count of hosts on which the vulnerability was observed are also given for each vulnerability.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training