Skip to content

Additional Configuration Steps for RMF

CIA Levels

Overview

Each dashboard under RMF contains a CIA (confidentiality, integrity, or availability) panel that runs off of a csv. More information on the CIA base levels can be found below:

FIPS Publication 199 & 200 defines the security categorization standards

The initial security categorization for the information and the system is performed during the initiation phase of the system development life cycle along with an initial security risk assessment. The initial risk assessment defines the threat environment in which the system operates and includes an initial description of the basic security needs of the system. These needs are contingent upon an understanding of how a possible loss of confidentiality, integrity, or availability of information of a system component can impact the organization and the resulting security categorization.

Tailoring CIA Levels: NIST SP 800-60 describes the criteria for adjusting the provisional security impact values. The confidentiality, integrity, and availability impact values may be adjusted as necessary during the review. The special factor guidance in NIST SP 800-60, Volume II, provides guidance to adjust each information type. If the special factor guidance applies to the individual system, the impact value for the security objective can be modified.

CIA Levels Setup Steps

To set the initial baseline and control selection:

  1. Log into the Splunk Search Head that has the Compliance Essentials for Splunk installed
  2. Open the Splunk App for Lookup File Editing
  3. Search for the site_cia_levels.csv
  4. Click on site_cia_levels.csv to open the csv
  5. Type in your Availability, Confidentiality, and Integrity Levels
  6. Select Save Lookup

To adjust the baseline for a security objective:

  1. Log into the Splunk Search Head that has the Compliance Essentials for Splunk installed
  2. Open the Splunk App for Lookup File Editing
  3. Search for the basecia.csv
  4. Click on basecia.csv to open the csv
  5. Type in your Availability, Confidentiality, Integrity, and RMF key. Note: Only type in the RMF Key’s for the CCI’s that you would like to overwrite the CIA levels on. The RMF key can be found in the URL for any CCI dashboard
  6. Select Save Lookup