As part of our Q-Compliance solution, Qmulos has the industry’s only custom input for Splunk that will parse and ingest the National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol’s (SCAP) native XML formats for configuration compliance checks. We support the Extensible Configuration Checklist Description Format (XCCDF), Asset Reporting Format (ARF) and Assessment Summary Results (ASR) XML formats. In addition, our upcoming release will add support for the checklist file format (.CKL) used by the Defense Information System Agency’s STIGViewer tool. Though not officially part of the SCAP standards, the STIGViewer checklist files are widely used. The added support of the StigViewer files will provide another important source for configuration compliance check results.
SCAP simplified using Qmulos
The SCAP capabilities are packaged in our Qmulos SCAP App that customers of Q-Compliance can download and install. The App allows you to ingest an important data source that fuels many of the compliance automation capabilities in Q-Compliance. Additionally, the Qmulos SCAP App allows organizations to ingest the results of security scanners, vulnerability scanners, configuration management tools and other SCAP-compliant tools into Splunk for enterprise-wide analysis. The app comes with several dashboards that present an organization’s compliance posture against their SCAP-compliant security benchmarks. Furthermore, it comes with a Splunk data model defining the common set of fields relevant to most compliance use cases. This enables organizations to develop their own analytics and dashboards with SCAP data in Splunk.
Q-Compliance uses the scan results from the SCAP data in conjunction with the NIST Common Configuration Enumeration (CCE) and DISA Control Correlation Identifier (CCI) standards to correlate the results to specific NIST 800-53 controls. This drives many of the other Risk Management Framework (RMF) automation capabilities in Q-Compliance such as automated control assessments, automatic creation of Plans of Actions and Milestones (POA&M) to address failed scan results, automated scoring, and ultimately continuous monitoring and ongoing authorization.
For more information on how you can leverage your data in Splunk to help you with your compliance automation activities, please contact Qmulos at sales@qmulos.com.