Achieve NIST CSF and STIG compliance excellence with SanerNow 6.1 

Compliance promises brand reputation gains and competitive advantage. It is a proven way to demonstrate the effectiveness of your security posture to your stakeholders. Though there are many benefits, most organizations find it difficult, and to make things worse, they fall short of a regulatory need. They end up undermining their own efforts, as most of their audits are reactive and not continuous. This can lead to unattended compliance gaps, which may not be identified until an audit is performed. Complexity is another challenge when it comes to multiple audits, which demand more time and resources. Automating compliance management is the only way out.

SanerNow’s Compliance Management (CM) module can consolidate and simplify multiple regulatory requirements by automating the end-to-end process across the organization. Take, for example, the NIST Cybersecurity Framework (CSF) and Security Technical Implementation Guides (STIG). Both these compliance standards can now be achieved through SanerNow. The CM module can accomplish compliance objectives even while IT environments are undergoing rapid technology additions or changes. It hardens systems and remediates vulnerabilities and misconfigurations to reduce the attack surface and risk exposure.

Let’s delve into the details of how you can deploy NIST CSF and STIG compliance frameworks using SanerNow CM. 

Accessing the newly introduced NIST CSF and STIG Benchmarks 

Access the Benchmarks section in the SanerNow CM tool. Click the Create New Benchmark button. 

Both NIST CSF Compliance and STIG Compliance are listed towards the top right side of the page. 

Click on the NIST CSF Compliance tab to view the supported OS platforms.  

Similarly, click on the STIG Compliance tab to view the supported OS and product platforms. 

Creating NIST CSF framework benchmarks using SanerNow CM 

Follow the steps below to create the NIST CSF framework benchmark in SanerNow CM.

Step 1: Click the Create New Benchmark button on the Benchmarks page in SanerNow CM. 

Step 2: Select the NIST CSF Compliance benchmark. From the list of supported platforms, select the platform for which you want to apply the NIST CSF Compliance benchmark. 

Step 3: Click the Choose devices to apply selected Benchmarks button. 

Step 4: Provide the following inputs on the Create Benchmark screen. 

Benchmark Name – Provide a name for the newly created benchmark. It’s a mandatory field. 

Description – Provide a brief description for the benchmark task. It’s a mandatory field. 

Assign to groups – Select the groups to which the benchmark will be applied. 

Assign to tags – Specify the tags that should be considered while applying the benchmark. 

Assign to other accounts – You can also apply the selected benchmark to different accounts. 

Click the Create button once you have provided all the information. 

The benchmark is created and applied to the applicable devices. You can view the newly created benchmark on the Benchmarks page. 

You can edit, delete, and export the rules and values from the newly created benchmark to a CSV. 

Edit existing benchmarks. 
Delete existing benchmarks. 
Export the rules and values from the existing benchmark to a CSV. 

You can follow the same steps to create benchmarks for the STIG compliance framework and apply them to devices. 