Create and manage cybersecurity frameworks in Splunk Asset and Risk Intelligence
Cybersecurity frameworks provide standardized guidelines for addressing risk. Splunk Asset and Risk Intelligence includes a number of common security frameworks, such as NIST and HIPAA, called known frameworks. You can also create your own custom frameworks.
By adding frameworks to Splunk Asset and Risk Intelligence, you can provision metrics that map to the framework controls, and then use them to identify security control gaps and track the remediation process.
You don't need to add a framework to add a metric.
Every active framework has an associated dashboard that you can filter based on category, control, or metric. The dashboard includes all the metrics provisioned for that framework. After you add and activate a framework, you can find it by selecting Risk and then Frameworks in the main menu navigation bar.
Available known frameworks
The following table describes the known frameworks available in Splunk Asset and Risk Intelligence:
Framework | Description |
---|---|
NIST CSFv2 | Based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risks. It's widely used by public and private organizations of all sectors and sizes around the world. |
ISO/IEC 27001:2022 | Provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining, and continually improving an information security management system. |
HIPAA | Establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. |
PCI v4 | Provides a baseline of technical and operational requirements designed to protect account data. |
Add a known framework
To add a known framework, complete the following steps:
- Select Admin then Risk management and then Metric and framework management.
- In the Cybersecurity frameworks table, select Add framework and then Add known framework.
- Select a framework from the drop-down list of templates.
- (Optional) Edit the framework name and ID.
- (Optional) You can map metrics as you add the framework or after you add the framework. Select the check boxes to map metrics to framework controls. Metrics with Map metric have already been added to Splunk Asset and Risk Intelligence, and metrics with Create metric have not.
- Select Add.
If you chose to create metrics, it might take some time for the system to create them.
- Locate the framework you added in the Cybersecurity frameworks table, and then activate it by selecting the settings icon and turning the toggle switch to Active. You must activate the framework in order to view the framework dashboard and metric mappings.
Add a custom framework
Create a custom framework with your own categories and controls, and then map metrics to each control.
To add a custom framework, complete the following steps:
- Select Admin then Risk management and then Metric and framework management.
- In the Cybersecurity frameworks table, select Add framework and then Add custom framework.
- Enter a name and ID for the framework.
- (Optional) Enter a framework description.
- Activate the framework by turning the toggle switch to Active. You must activate the framework in order to map metrics to the controls of the framework.
- Select Add.
- Locate the framework you added in the Cybersecurity frameworks table, and then select the settings icon to add categories.
- Locate the framework you added in the Cybersecurity frameworks table, and then select the preferences icon to add controls and their associated metrics.
  - Select Add control.
  - Using the drop-down list, select a category to add the control to.
  - Enter a control ID.
  - (Optional) Enter a description for the control.
  - Using the drop-down list, select metrics to map to the control.
    You can also select controls to map a particular metric. See Create and manage metrics in Splunk Asset and Risk Intelligence.
  - Select Add.
Edit or delete a framework
To edit or delete a framework, complete the following steps:
- Select Admin then Risk management and then Metric and framework management.
- Locate the framework you added in the Cybersecurity frameworks table, and then select the settings icon to edit it. Make sure to select Update to save your changes.
- Locate the framework you added in the Cybersecurity frameworks table, and then select the remove icon to delete it.
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1, 1.0.2