Skip to main content
Version: Atlas v3.11

STIG Compliance Journey

Atlas STIG Compliance is specifically designed for public sector entities required to meet DISA STIG standards. It simplifies the process of integrating STIG Compliance into the Splunk environment and streamlines data ingestion. This integration allows users to effectively evaluate their compliance standing using Splunk's data insights. Moreover, it fosters collaboration and automates routine compliance workflows, significantly improving team productivity in handling compliance-related tasks.

Atlas Elements Utilized

Outcomes

Investigate STIG Compliance Status

STIG checklist data is a standardized system of reporting compliance meeting DISA’s standards. But the nature of the compliance process produces many artifacts that are hard to track and more difficult to manage. With Atlas’s STIG Compliance, all this checklist data can be directed to Splunk, and Atlas can report latest compliance by system.

  1. Work with Expertise on Demand or Atlas documentation to create a data pipeline to ingest STIG Checklists (CKLs)
  2. Navigate to System Compliance element and create a System on the Systems Overview dashboard that logically groups together a selection of your targets.
  3. Click down onto the System Compliance dashboard to view compliance scores by target and STIG checklist.
  4. Select a target to navigate to the STIG Viewer dashboard. On this dashboard, a user can see the latest status of any ingested vulnerability, and these vulnerabilities can be updated with new statuses, comments, and finding details.

Report on Compliance Data

STIG Compliance contains many different reports to analyze your compliance data. After getting data in, users can fully exploit their checklists and produce many different reports geared to their use cases.

  1. Navigate to the STIG Compliance element.
  2. On the navigation bar, inspect the Reports navigation group to see all reporting options.
  3. Review the POA&M Helper dashboard. This dashboard syncs up Open and Not Reviewed vulnerabilities with NIST 800-53A findings. This is an excellent start for initiating a POA&M.
  4. View the Vulnerability Changes Report. This report identifies any vulnerabilities within the time range that have changed status. Using filters, you can select what status you wish to focus on. This is essential in automated reporting environments, as a security manager can quickly identify what vulnerabilities have shifted to Open in the past time range.
  5. Review the Checklist Audit dashboard. This dashboard identifies any vulnerabilities that lack Finding Details or Comments. Most reporting requirements necessitate that these fields are filled with relevant data, and this dashboard can continuously track checklists that fail to meet the mark.

STIG Checklist Ingest Monitoring

Leveraging Atlas Monitor, a user can ensure that STIG checklist data continues to flow with no interruption. An interruption in the data flow could cause data loss or delayed reporting, causing downstream errors in reporting overall compliance. With Monitor, data owners can be notified if their STIG data experiences any anomalies.

  1. Open the Monitor element in Atlas.
  2. Navigate to the Configuration page.
  3. Ensure that the requirements for the app are met. If a requirement is not met, there will be on screen instructions to guide you through the configuration.
  4. Create a Monitor Group on the Group Overview dashboard for STIG Compliance. These groups should represent logical separations of data by ownership or purpose.
  5. On a Monitor Group, create a Data Watch that can track the checklist data coming in. Checklist data has its own sourcetype, which should be useful for setting up the data watch should it be going into a populated index. Users can also leverage hosts if they want to set up multiple data watches tracking multiple different sources. The threshold should represent the base line amount of data coming in.
  6. The Monitor Report dashboard will now track the data flow into the system and email the Data Group owner if a Data Watch experiences an outage. Using the Monitor Report dashboard, a user can inspect data flow against the threshold on the row expansion and get a list of all outages in the time range.