HyTrust-FISMA Compliance in the Virtual Data Center
- 1. FISMA Compliance in the Virtual Data Center
Fulfilling NIST Requirements
© 2012, HyTrust, Inc. www.hytrust.com 1975 W. El Camino Real, Suite 203, Mountain View, CA 94040 Phone: 650-681-8100 / email: info@hytrust.com
- 2. NIST Directives on Virtualization Security
“Organizations should have the same security controls in place for virtualized operating systems as they have for the same operating systems running directly on hardware.”
“Ensure that the hypervisor is properly secured.”
“Restrict and protect administrator access to the virtualization solution. The security of the entire virtual infrastructure relies on the security of the virtualization management system that controls the hypervisor and allows the operator to start guest OSs, create new guest OS images, and perform other administrative actions.”
Neither physical data center security controls nor the basic controls provided by the virtualization platform were designed to fulfill these requirements for FISMA compliance.
- 3. HyTrust Role in NIST/FISMA Compliance
6 of 18 NIST 800-53 control families focus on controlling and tracking infrastructure access or ensuring configuration and system integrity.
[Table of those control families (columns: IDENTIFIER, FAMILY); table body not preserved]
Compliance in virtual environments requires an approach that addresses the distinct attributes of virtual infrastructure access, configuration, and system integrity.
HyTrust is purpose-built to control and log access activity, ensure compliant host configurations, and protect system integrity in virtual environments.
HyTrust fills critical gaps in the virtualization platform’s NIST/FISMA compliance capabilities*
Source: NIST Special Publication 800-53, Revision 3
* Platform capabilities mentioned in this document are believed to be accurate as of April, 2012, and are subject to revision
- 4. HyTrust Enables Access Control (AC) Compliance
Columns: AC Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

Account Management (AC-2)
  Requirement: Specify access privileges and grant access to the system based on: (i) a valid access authorization; (ii) intended system usage; and (iii) other attributes as required by the organization or associated missions/business functions.
  Platform gaps:
    • Supports single factor authentication only
    • Allows root account sharing
    • Allows default passwords
    • Defaults to admin privileges for all operations
  HyTrust:
    • Supports multi-factor authentication
    • Prevents root account sharing
    • Prevents use of default passwords
    • Enables limited access privileges based on intended system usage and other attributes

Access Enforcement (AC-3)
  Requirement: Enforce approved authorizations for logical access to the system in accordance with applicable policy.
  Platform gaps:
    • Enables broad access privileges based on roles only
  HyTrust:
    • Enforces authorization policy defined by granular role-based and attribute-based access privileges

Information Flow Enforcement (AC-4)
  Requirement: Enforce approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with policy.
  Platform gaps:
    • Allows unfiltered VM-to-VM communications, unconstrained by policy
  HyTrust:
    • Enforces trust zone policies that constrain users’ ability to change information flows

Separation of Duties (AC-5)
  Requirement: Implement separation of duties through assigned information system access authorizations.
  Platform gaps:
    • Provides limited ability to enforce access policies separating duties
    • Provides no pre-defined roles besides administrator
  HyTrust:
    • Provides the authorization granularity needed for effective separation of duties
    • Provides 17 pre-defined, customizable roles

Least Privilege (AC-6)
  Requirement: Employ the concept of least privilege, allowing only authorized accesses for users which are necessary to accomplish assigned tasks in accordance with organizational mission.
  Platform gaps:
    • Defaults to super user privileges
  HyTrust:
    • Allows only the operations and access to virtual resources users need to do their jobs

Security Attributes (AC-16)
  Requirement: Support the binding of security attributes to information in storage, in process, and in transmission.
  Platform gaps:
    • Provides no mechanism to tag virtual objects with security attributes
  HyTrust:
    • Enables object tagging with security attributes that enable robust and flexible access control
- 5. HyTrust Enables Audit and Accountability (AU) Compliance (continued)
Columns: AU Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

Audit Review, Analysis, and Reporting (AU-6)
  Requirement: Analyze and correlate audit records across different repositories to gain organization-wide situational awareness.
  Platform gaps:
    • Provides basic virtualization event data to SIEM solutions that may not be detailed enough for correlation with physical data center audit records
  HyTrust:
    • Provides the thorough, fine-grained virtualization event data needed by SIEM solutions for correlation with similarly detailed physical data center records

Non-Repudiation (AU-10)
  Requirement: Protect against an individual falsely denying having performed a particular action.
  Platform gaps:
    • Allows admin anonymity via sharing of root account
  HyTrust:
    • Associates unique user ID with every event logged

Audit Generation (AU-12)
  Requirement: Provide audit record generation capability for the list of auditable events defined in AU-2. Produce audit records in a standardized format.
  Platform gaps:
    • Creates separate log files for vCenter and each host server
    • Uses different log formats for vCenter vs. hosts
  HyTrust:
    • Consolidates and centrally manages logs covering vCenter and all hosts
    • Uses a single, uniform format for combined vCenter and host log data
- 6. HyTrust Enables Security Assessment and Authorization (CA) Compliance
Columns: CA Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

Continuous Monitoring (CA-7)
  Requirement: Establish a continuous monitoring strategy and implement a continuous monitoring program that includes:
    • a configuration management process for the information system
    • a determination of the security impact of changes to the information system
  Platform gaps:
    • Does not provide functionality to continuously monitor and manage the hypervisor configuration
    • Does not provide functionality to determine the security impact of changes to the hypervisor configuration
    • Can only implement permissions on virtual objects in a hierarchical fashion; cannot implement meaningful permissions in a dynamic environment.
  HyTrust:
    • Continuously monitors hypervisor configurations for drift and policy violations
    • Determines the security impact of configuration changes by continuously comparing configuration states to baselines such as C.I.S. Benchmark standards, VMware Best Practices, and other frameworks
    • Can establish permissions and policies that can follow the virtual machine regardless of where it resides in the environment
- 7. HyTrust Enables Configuration Management (CM) Compliance
Columns: CM Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

Baseline Configuration (CM-2)
  Requirement: Develop, document, and maintain under configuration control, a current baseline configuration. Employ automated mechanisms to maintain an up-to-date, complete, accurate, and readily available baseline configuration.
  Platform gaps:
    • Host Profiles functionality for maintaining baselines not available with Standard or Enterprise versions of platform
    • Requires hosts to be put in maintenance mode and all VMs to be moved to another host for the duration of the operation.
  HyTrust:
    • Enables organization to define and automatically maintain a custom baseline configuration or a pre-built baseline such as C.I.S. Benchmark standards, VMware Best Practices, or other frameworks
    • Does not require putting hosts in maintenance mode after remediating baseline variations
    • Provides automated configuration maintenance for all versions of virtualization platform

Configuration Change Control (CM-3)
  Requirement: Audit activities associated with configuration-controlled changes. Employ automated mechanisms to implement changes to the current baseline and deploy the updated baseline across the installed base.
  Platform gaps:
    • Logs changes for individual hosts only, and may not capture unique user ID
    • Puts hosts in maintenance mode to deploy changes
  HyTrust:
    • Centrally logs all hypervisor configuration change event data, including specific user, action attempted (allowed or denied), source IP, timestamp, target, etc.
    • Automates deployment of changes to the security configuration of the hypervisor, without putting hosts in maintenance mode

Access Restrictions for Change (CM-5)
  Requirement: Enforce logical access restrictions associated with changes to the system. Employ automated mechanisms to enforce access restrictions and support auditing of the enforcement actions. Limit developer/integrator privileges to change hardware, software, and firmware and system information within a production environment.
  Platform gaps:
    • Enables broadly defined role-based access restrictions
    • Does not log disallowed or failed operations
    • Does not support privileges tied to objects such as “production” VMs
  HyTrust:
    • Applies granular, user-specific role-based access controls to the hypervisor configuration and management interfaces
    • Automatically logs all allowed and denied operations on the hypervisor configuration
    • Enables enforcement of access restrictions customized for roles such as developer and integrator, and limitation of privileges on virtual objects assigned a label such as “production”
- 8. HyTrust Enables Configuration Management (CM) Compliance (continued)
Columns: CM Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

Configuration Settings (CM-6)
  Requirement: Monitor and control changes to configuration settings in accordance with organizational policies and procedures. Employ automated mechanisms to centrally manage, apply, and verify configuration settings. Employ automated mechanisms to respond to unauthorized changes to organization’s configuration settings. Demonstrate conformance to security configuration guidance (i.e., security checklists), prior to being introduced into a production environment.
  Platform gaps:
    • Does not provide functionality that verifies, monitors, or controls hypervisor configurations
    • Does not provide means to generate alerts for unauthorized configuration changes
    • Is not able to check if a configuration conforms with policy or checklist
  HyTrust:
    • Verifies, monitors, and controls hypervisor configuration changes
    • Provides configuration change request logs to SIEM solutions that can be used to trigger alerts
    • Enables organization to check if a configuration conforms with a customized configuration policy or with guidance such as C.I.S. Benchmark standards, VMware Best Practices, or other frameworks

Least Functionality (CM-7)
  Requirement: Configure the information system to prohibit or restrict the use of specified functions, ports, protocols, and/or services.
  Platform gaps:
    • Enables some configuration of access restrictions on individual hosts
  HyTrust:
    • Centrally enforces hypervisor access policy via protocol (SSH, vSphere client, SOAP) and hypervisor IP address controls on all hosts
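The CA-7, CM-2 and CM-6 rows all come down to the same mechanical check: compare each host's current configuration against a baseline, report deviations with their security impact, and turn successive snapshots into change events that a SIEM can alert on. The following is an added example of that check, not HyTrust's or VMware's code; the setting names, expected values, severity ratings and host snapshots are constructed for illustration and are not a published benchmark.

```python
"""Baseline-conformance and drift check for hypervisor host configuration.

Added example, not HyTrust's or VMware's code. The setting names, expected
values and severity ratings below are constructed for illustration; they are
not a published benchmark.
"""
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class BaselineRule:
    setting: str      # configuration key as it appears in a host snapshot
    expected: Any     # value the baseline requires
    severity: str     # security impact if the host deviates: high | medium | low
    rationale: str    # why the setting matters (shown in findings)


# Constructed baseline. In practice this is loaded from the organization's own
# policy or from a benchmark such as the ones the slide names.
BASELINE = (
    BaselineRule("ssh.enabled", False, "high", "remote shell stays off unless explicitly needed"),
    BaselineRule("shell.interactive_timeout_s", 900, "medium", "idle admin shells time out"),
    BaselineRule("ntp.enabled", True, "medium", "audit timestamps must be trustworthy"),
    BaselineRule("syslog.remote_host", "syslog.example.internal", "high", "events go to the central repository"),
    BaselineRule("lockdown_mode", True, "high", "hosts are managed only through vCenter"),
)
RULES_BY_SETTING = {rule.setting: rule for rule in BASELINE}
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    host: str
    setting: str
    expected: Any
    actual: Any       # None when the setting is absent from the snapshot
    severity: str
    rationale: str


def check_host(host: str, snapshot: dict[str, Any]) -> list[Finding]:
    """Compare one host's configuration snapshot against the baseline.

    A setting missing from the snapshot is reported as drift, not ignored: an
    unreported setting cannot be shown to conform. Highest severity first.
    """
    findings = [
        Finding(host, rule.setting, rule.expected, snapshot.get(rule.setting), rule.severity, rule.rationale)
        for rule in BASELINE
        if snapshot.get(rule.setting) != rule.expected
    ]
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f.severity])


def conforms(host: str, snapshot: dict[str, Any]) -> bool:
    """True when the host has no baseline deviations (the CM-6 checklist question)."""
    return not check_host(host, snapshot)


def diff_snapshots(before: dict[str, Any], after: dict[str, Any]) -> list[tuple[str, Any, Any, str]]:
    """Continuous-monitoring step: turn two successive snapshots into change events.

    Each event is (setting, old value, new value, impact). Impact is the baseline
    severity when a setting moves away from the baseline, "remediated" when it
    moves back to the expected value, and "unrated" for settings the baseline
    does not cover.
    """
    events = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old == new:
            continue
        rule = RULES_BY_SETTING.get(key)
        if rule is None:
            impact = "unrated"
        elif new == rule.expected:
            impact = "remediated"
        else:
            impact = rule.severity
        events.append((key, old, new, impact))
    return events


# Constructed snapshots for two hosts.
COMPLIANT_HOST = {
    "ssh.enabled": False, "shell.interactive_timeout_s": 900, "ntp.enabled": True,
    "syslog.remote_host": "syslog.example.internal", "lockdown_mode": True,
}
DRIFTED_HOST = {   # SSH turned on, timeout disabled, lockdown_mode not reported at all
    "ssh.enabled": True, "shell.interactive_timeout_s": 0, "ntp.enabled": True,
    "syslog.remote_host": "syslog.example.internal",
}

if __name__ == "__main__":
    for name, snap in (("esx-01", COMPLIANT_HOST), ("esx-02", DRIFTED_HOST)):
        print(f"{name}: {'conforms' if conforms(name, snap) else 'DRIFT'}")
        for f in check_host(name, snap):
            print(f"  [{f.severity}] {f.setting}: expected {f.expected!r}, found {f.actual!r} ({f.rationale})")
    for event in diff_snapshots(COMPLIANT_HOST, DRIFTED_HOST):
        print("change:", event)
```

Two design points carry over to any real implementation: a setting that a host fails to report is treated as drift rather than silently skipped, and a change event carries the baseline's impact rating so that the alerting rule downstream can key on severity instead of re-deriving it.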
- 9. HyTrust Enables Identification and Authentication (IA) Compliance
Columns: IA Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

Identification and Authentication (Organizational Users) (IA-2)
  Requirement: Uniquely identify and authenticate organizational users, including organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors, guest researchers, individuals from allied nations). Use multifactor, replay-resistant authentication for network and local access to privileged accounts. For network accounts, one of the factors is provided by a device separate from the information system being accessed. Allow the use of group authenticators only when used in conjunction with an individual/unique authenticator.
  Platform gaps:
    • Permits root account sharing, enabling anonymous access
    • Requires password for access; does not support multi-factor authentication
  HyTrust:
    • Requires a unique ID for access by an organizational user and associates the unique ID with every operation performed by the user
    • Supports multi-factor, replay-resistant authentication such as RSA SecurID and hardware tokens for network and local access to privileged accounts

Identification and Authentication (Non-Organizational Users) (IA-2)
  Requirement: Uniquely identify and authenticate non-organizational users.
  Platform gaps:
    • Permits potential root account sharing by non-organizational users, enabling anonymous access
  HyTrust:
    • Requires a unique ID for access by a non-organizational user and associates the unique ID with every operation performed by the user
- 10. HyTrust Enables System and Information Integrity (SI) Compliance
Columns: SI Control | NIST Requirement for FISMA Compliance | Virtualization Platform Constraints/Gaps | HyTrust Requirement Fulfillment for Virtual Environments

Information Input Restrictions (SI-9)
  Requirement: Restricts the capability to input information to the information system to authorized personnel. Restrictions may extend beyond the typical access controls employed by the system and include limitations based on specific operational/project responsibilities.
  Platform gaps:
    • Does not restrict the ability to input information based on specific operational/project responsibilities
  HyTrust:
    • Restricts the capability to input information, via any access method, using role-based authorization sufficiently fine-grained to distinguish between users’ operational/project responsibilities
- 11. HyTrust Fills Critical FISMA Audit Data Gaps
Columns: Log Data Provider | Data for Allowed Operation (example) | Data for Denied Reconfig Attempt (example) | Usability and Productivity

Virtualization Platform
  Data for allowed operation (example):
    User: root
    Time/date
    Target resource name, URL
    Operation executed
  Data for denied reconfig attempt (example): none
  Usability and productivity:
    • Separate log files for vCenter and each host server
    • Different log formats for vCenter vs. hosts

HyTrust
  Data for allowed operation (example): All of the above, plus:
    • User ID
    • Source IP address
    • Resource reconfigured
    • Previous resource state
    • New resource state
    • Label (Production)
    • Required privileges
    • Evaluated rules/constraints
  Data for denied reconfig attempt (example):
    • User ID
    • Date/time
    • Source IP address
    • Operation requested
    • Operation denied
    • Target resource name, IP address, port, and protocol
    • Required privileges
    • Missing privileges
    • Evaluated rules/constraints
  Usability and productivity:
    • Consolidated, centrally managed logs covering vCenter and all hosts
    • Single, uniform format for combined vCenter and host log data
    • Logs sent to central repository or SIEM via syslog
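The value of the fields in the table above (unique user ID, source IP, allowed/denied result, required and missing privileges) shows up once the records are in one uniform format and a SIEM or script can ask questions of them: which events cannot be tied to an individual (the AU-10 gap), which actor keeps hitting denials, and which privileges are being denied most often. The following is an added example of such checks over a constructed key=value log, not HyTrust's code or its actual log format; the host names, user names, addresses and privilege identifiers are sample values made up for the example.

```python
"""Checks over a uniform key=value audit log from virtualization management.

Added example, not HyTrust's code or its log format. Host names, users,
addresses and privilege identifiers below are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Assumption: built-in accounts that several administrators might share, so an
# event attributed only to one of them cannot be tied to an individual.
SHARED_ACCOUNTS = {"root", "administrator"}


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    source_host: str   # vCenter or ESX host that produced the record
    user: str
    src_ip: str        # "-" when the platform did not record one
    operation: str
    target: str
    result: str        # "allowed" or "denied"
    label: str         # e.g. "Production"; empty when the object is untagged
    required: tuple    # privileges the operation needed
    missing: tuple     # privileges the user lacked (denied events only)


def parse_line(line: str) -> AuditEvent:
    """Parse one record: ISO timestamp followed by space-separated key=value pairs."""
    ts_text, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs if "=" in p)

    def as_list(value: str) -> tuple:
        return tuple(v for v in value.split(",") if v)

    return AuditEvent(
        ts=datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"),
        source_host=kv.get("host", "-"),
        user=kv.get("user", "-"),
        src_ip=kv.get("src", "-"),
        operation=kv.get("op", "-"),
        target=kv.get("target", "-"),
        result=kv.get("result", "-"),
        label=kv.get("label", ""),
        required=as_list(kv.get("required", "")),
        missing=as_list(kv.get("missing", "")),
    )


def parse_log(text: str) -> list[AuditEvent]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def unattributed(events: list[AuditEvent]) -> list[AuditEvent]:
    """Events that cannot be tied to an individual: shared account or no source address."""
    return [e for e in events if e.user in SHARED_ACCOUNTS or e.src_ip == "-"]


def repeated_denials(events, threshold: int = 3) -> list[tuple[tuple[str, str], int]]:
    """(user, source IP) pairs with at least `threshold` denied operations, most frequent first."""
    counts = Counter((e.user, e.src_ip) for e in events if e.result == "denied")
    return [(actor, n) for actor, n in counts.most_common() if n >= threshold]


def missing_privileges(events) -> Counter:
    """How often each privilege was missing across denied events; input for role tuning."""
    return Counter(p for e in events if e.result == "denied" for p in e.missing)


def production_changes(events) -> list[AuditEvent]:
    """Allowed reconfigurations of objects labelled Production (the CM-5 concern)."""
    return [e for e in events if e.result == "allowed" and e.label == "Production" and "Reconfigure" in e.operation]


# Constructed sample log in the uniform format this example assumes.
SAMPLE_LOG = """\
2012-04-10T09:12:04Z host=vcenter01 user=jsmith src=10.1.5.23 op=VM.Reconfigure target=vm-web-01 label=Production result=allowed required=VirtualMachine.Config.Resource
2012-04-10T09:13:11Z host=esx-02 user=root src=- op=Host.Config.Network target=esx-02 result=allowed
2012-04-10T09:14:50Z host=vcenter01 user=dlee src=10.1.5.77 op=VM.Reconfigure target=vm-db-01 label=Production result=denied required=VirtualMachine.Config.Resource missing=VirtualMachine.Config.Resource
2012-04-10T09:15:02Z host=vcenter01 user=dlee src=10.1.5.77 op=VM.Reconfigure target=vm-db-01 label=Production result=denied required=VirtualMachine.Config.Resource missing=VirtualMachine.Config.Resource
2012-04-10T09:15:40Z host=vcenter01 user=dlee src=10.1.5.77 op=VM.Reconfigure target=vm-db-02 label=Production result=denied required=VirtualMachine.Config.Resource missing=VirtualMachine.Config.Resource
2012-04-10T09:20:18Z host=esx-01 user=mpatel src=10.1.6.4 op=Host.Config.Settings target=esx-01 result=denied required=Host.Config.AdvancedConfig missing=Host.Config.AdvancedConfig
2012-04-10T09:21:03Z host=vcenter01 user=jsmith src=10.1.5.23 op=VM.PowerOn target=vm-web-01 label=Production result=allowed required=VirtualMachine.Interact.PowerOn
2012-04-10T09:25:30Z host=esx-02 user=mpatel src=10.1.6.4 op=Host.Config.Network target=esx-02 result=allowed required=Host.Config.Network
"""

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("events that cannot be tied to a person:", [(e.ts.isoformat(), e.user, e.source_host) for e in unattributed(events)])
    print("actors with repeated denials:", repeated_denials(events))
    print("most-denied privileges:", missing_privileges(events).most_common(3))
    print("allowed Production reconfigurations:", [(e.user, e.target) for e in production_changes(events)])
```

The second sample line is the platform-native record the table describes: user root, no source address. It parses like any other event, but `unattributed` flags it because nothing in it identifies a person, which is exactly the non-repudiation gap the AU-10 row points at.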