Rethinking the Role of Compliance

Fast Forward CMMC Compliance with Cisco and Qmulos

With the debut of the Cybersecurity Maturity Model Certification (CMMC), any organization engaging with the DOD must quickly become compliant. Non-compliance with CMMC jeopardizes your organization’s continued participation in the DOD contracting ecosystem, your ability to bid on defense contracts, and potentially threatens your existing contracts. It can feel overwhelming even to figure out where to start.

Here’s the good news: Organizations can leverage Qmulos’ next-gen compliance solution, Q-Compliance, coupled with Cisco’s suite of security products, to automatically demonstrate compliance with built-in Qmulos-powered technical visualizations in record time! By record time, we mean as short as one day if you already have data from your Cisco products properly indexed into your Splunk instance! Otherwise, add a few weeks, but that’s still pretty fast compared to the manual alternatives.

Matt Coose, Founder and CEO of Qmulos, said, “Qmulos is proud to be partnering with Cisco to greatly accelerate our customers’ roadmap to achieving CMMC compliance, leveraging the powerful suite of Cisco products. Together we are not only helping with compliance, but with fulfilling the intent of compliance: improving their actual security posture.”

Qmulos leverages a combination of Cisco products such as Identity Services Engine (ISE), Duo, Secure Network Analytics, Firepower, and the Adaptive Security Appliance (ASA), ingesting and contextualizing data from these products into Splunk, creating dynamic dashboards organized by business unit, system, and relevant CMMC controls and levels. The result is a single pane of glass to review the vital technical evidence necessary to prove compliance. As Douglas Hurd, Leader, Cisco Secure Technical Alliances said, “The Qmulos Q-Compliance dashboard for Cisco is a great example of how working closely with technical alliance partners creates added value for customers. In a single view, joint customers can see their status for much of their CMMC requirements without needing to analyze multiple reports from point products. It saves customers a lot of time.”

Qmulos’ approach drastically reduces the significant manual overhead traditionally required to collect evidence, allows for the upload of non-technical evidence, and helps customers achieve the intent of CMMC: the ability to monitor critical technical controls and drastically improve real operational security. Combined with other data sources you may already own, organizations can quickly populate any remaining controls to achieve up to Level 2 certification. This is the power of taking a data-driven approach to compliance! (See our blog for more details)

Figure 1: CMMC Scorecard providing a high-level overview of all controls.

Here’s how it works: Forwarders get your data into Splunk, where it is tagged and made searchable. This data onboarding step only needs to be done once for each source. The tags give the data the context it needs to be presented in a series of dashboards. There are dashboards for every control. Various technical control dashboards contain pre-built searches that dynamically locate data relevant to that particular control’s requirements. When a dashboard for a given system and control is opened, the searches run, the results are returned, and the technical evidence needed to assess or audit that control is presented. Various alert actions can be configured to do things like automatically set assessment or audit status, create a POAM, or send an email, among many others. Other dashboards show scores for controls, systems, and/or entire frameworks so that customers know the status of their compliance posture at any given moment, based on near real-time technical evidence from the various products that are protecting our customers’ networks and systems.

Sounds magical, we know. It kinda is.

Once installed, customers can use the Data Sources dashboard to:
1. Identify which controls can be fulfilled by certain products;
2. View examples of products that fulfill a particular control; and
3. See which controls currently have technical evidence being ingested into Q-Compliance.

Figure 2: Cisco Data Sources dashboard.

By the way, Qmulos’ capabilities aren’t limited to CMMC! If you have other compliance requirements that you need to follow, Q-Compliance can help you track them, all at the same time, and even for the same systems if needed. Several compliance frameworks are already built into Q-Compliance such as NIST RMF, HIPAA, FedRAMP, StateRAMP, NIST Cyber Security Framework, and many more. And if your compliance framework isn’t in Q-Compliance already, it’s easy to add custom control libraries, frameworks, and overlays.

About Qmulos

Qmulos is a cybersecurity company that builds innovative solutions to help security professionals improve their enterprise’s security posture. We build our solutions on Splunk’s robust, scalable technology to unlock the value of your data and automate initiatives ranging from compliance and auditing to cyber defense. Qmulos helps customers move to leading-edge compliance solutions that provide true security value. Our clients range from large federal agencies to Fortune 1000 companies.

For more information, please visit www.qmulos.com.
