Achieving CMMC Compliance with MARS Suite

Share This Post:

The Cybersecurity Maturity Model Certification (CMMC) framework is now on the horizon for all contractors looking to do work with the Department of Defense. With 17 domains, 43 capabilities, and 171 cybersecurity best practices processing across five maturity levels, CMMC can be a lot for DoD contractors to handle. And since every DoD contractor will need to have their compliance with at least a basic CMMC maturity level certified, finding a way to handle it will be an inevitability, not an option. Thanks to a combination of the built-in capabilities of MARS Suite and the expertise and resources that our team has collected, we are positioned to help with that inevitability.

Capitalizing on built-in CMMC Compliance Capabilities

With the introduction of CMMC comes requirements for current and prospective DoD contractors to conduct cybersecurity continuous monitoring and perform routine vulnerability scanning. The intent is for contractors to use network monitoring to ensure that potential incident, events, vulnerabilities, and threats to organizational systems are identified and addressed as quickly as possible. Deficiencies such as weak passwords, outdated operating systems, and unpatched systems can pose serious threats to the cybersecurity of these contractors and, by extension, to the DoD.

The type of continuous monitoring scanners used to satisfy these requirements are expected to scan organizational assets for security deficiencies and create a prioritized list of asset vulnerabilities based on level of severity. Acquiring such a security incident and event management (SIEM) scanner, implementing it on a network, managing it, and responding to the vulnerabilities it uncovers can be a daunting task.

MARS Suite was built to provide contractors large and small with the scanning and SIEM capabilities they need for compliance, without the big-SIEM price. When MARS Suite is implemented effectively, contractors can use these built-in capabilities to fulfill a total of 40+ CMMC controls from the Incident Response, Risk Management, Security Assessment, Situational Awareness, and System & Information Integrity domains of CMMC.

Controls Covered by Using MARS Suite

Click to expand each maturity level and see what controls you could cover with MARS Suite on your system.

  • AU.2.042 – Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
  • AU.2.043 – Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
  • AU.2.044 – Review audit logs.
  • IR.2.092 – Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
  • IR.2.093 – Detect and report events.
  • IR.2.094 – Analyze and triage events to support event resolution and incident declaration.
  • IR.2.096 – Develop and implement responses to declared incidents according to pre-defined procedures.
  • IR.2.097 – Perform root cause analysis on incidents to determine underlying causes.
  • RM.2.141 – Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and associated processing, storage, or transmission of CUI.
  • RM.2.142 – Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.
  • RM.2.143 – Remediate vulnerabilities in accordance with risk assessments.
  • CA.2.159 – Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
  • SI.2.216 – Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
  • SI.2.217 – Identify unauthorized use of organizational systems.
  • AU.3.045 – Review and update logged events.
  • AU.3.046 – Alert in the event of an audit logging process failure.
  • AU.3.048 – Collect audit information (e.g., logs) into one or more central repositories.
  • AU.3.049 – Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
  • AU.3.050 – Limit management of audit logging functionality to a subset of privileged users.
  • AU.3.051 – Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
  • AU.3.052 – Provide audit record reduction and report generation to support on-demand analysis and reporting.
  • IR.3.098 – Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.
  • IR.3.099 – Test the organizational incident response capability.
  • RM.3.144 – Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources, and risk measurement criteria.
  • RM.3.146 – Develop and implement risk mitigation plans.
  • SA.3.169 – Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders.
  • AM.4.226 – Employ a capability to discover and identify systems with specific component attributes (e.g., firmware level, OS type) within your inventory.
  • AU.4.053 – Automate analysis of audit logs to identify and act on critical indicators (TTPs) and/or organizationally defined suspicious activity.
  • AU.4.054 – Review and audit information for broad activity in addition to per-machine activity.
  • IR.4.100 – Use knowledge of attacker tactics, techniques, and procedures in incident response planning and execution.
  • RM.4.149 – Catalog and periodically update threat profiles and adversary TTPs.
  • RM.4.150 – Employ threat intelligence to inform the development of the system and security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities.
  • RM.4.151 – Perform scans for unauthorized ports available across perimeter network boundaries over the organization’s internet network boundaries and other organizationally defined boundaries.
  • SA.4.171 – Establish and maintain a cyber threat hunting capability to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade existing controls.
  • SI.4.221 – Use threat indicator information relevant to the information and systems being protected and effective mitigations obtained from external organizations to inform intrusion detection and threat hunting.
  •  
  • CA.4.164 – Conduct penetration testing periodically, leveraging automated scanning tools and ad hoc tests using human experts.
  • SA.4.173 – Design network system security capabilities to leverage, integrate, and share indicators of compromise.
  • AU.5.055 – Identify assets not reporting audit logs and assure appropriate organizationally defined systems are logging.
  • IR.5.102 – Use a combination of manual and automated, real-time responses to anomalous activities that match incident patterns.
  • IR.5.106 – In response to cyber incidents, utilize forensic data gathering across impacted systems, ensuring the secure transfer and protection of forensic data.
  • RM.5.152 – Utilize an exception process for non-whitelisted software that includes mitigation techniques.
  • RM.5.155 – Analyze the effectiveness of security solutions at least annually to address anticipated risk to the system and the organization based on current and accumulated threat intelligence.
  •  
  • SI.5.222 – Analyze system behavior to detect and mitigate execution of normal system commands and scripts that indicate malicious actions.
  • SI.5.223 – Monitor individuals and system components on an ongoing basis for anomolous or suspicious behavior.

The automated tools and data analytics used by MARS Suite to aggregate and normalize disparate data feeds provide organizations with the ability for increased situational awareness and the continuous monitoring of IT systems, networks, and programs. Since it captures near real-time security information, organizational risk can be managed more efficiently and effectively, resources can be prioritized, and decision-making can occur in a more informed manner.

With the holistic situational awareness made possible through the Enterprise-wide Common Operating Picture dashboard, contractors can quickly identify and manage risk in an ever-changing network environment. This ability to maintain ongoing awareness and support the incident response process takes MARS Suite from being just a check-the-box SIEM to being a comprehensive continuous monitoring and risk management tool that will be an invaluable asset to any contractor’s security program.

Pursuing Compliance Beyond the Tool Suite

CMMC Compliance doesn’t stop at tool-related compliance requirements, and neither does MARS Suite. We recognize that our suite of tools will commonly be used as just one key component of a larger compliance program. That’s why we have collected a team of experts that can guide you through the entire gamut of CMMC compliance, all the way from the initial assessment of compliance needs to the endgame of maintaining compliance for the long haul.

Through our team, you will have access to Registered Provider Organizations (RPOs) staffed with Registered Practitioners (RPs) with years of experience in security compliance programs. Our team can guide you through every step of the compliance journey, including optimizing your use of MARS Suite to get the most benefit possible, identifying and incorporating any other tools that you may need, establishing and implementing necessary security policies and programs, and performing internal assessments in preparation for your official assessment from a CMMC Third-Party Assessor Organization (C3PAO). To get a better look at our overall CMMC Compliance Process, download our CMMC Compliance Solution white paper.

Want to see how MARS Suite can help you with CMMC compliance and beyond? Visit our Contact page and send us a message. A member of our team can schedule a demo for you or answer any questions you may have.

More from the blog

Latest in Cyber – Issue 42

In this issue: Proclamation on Cybersecurity Awareness Month, new program from CISA, the push for a Hardware Bill of Materials, DHS idea for reporting portal, and quantum-resistant cryptography.

Read More

Download the White Paper

Learn More About Upcoming Events