
Cp_r75.40_compliance_adminguide


Compliance Blade R75.40 Add-on
Administration Guide

6 March 2013
Classification: [Restricted]

© 2013 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=23290
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).

Revision History

Date | Description
--- | ---
05 March 2013 | First release of this document

Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments (mailto:[email protected]?subject=Feedback on Compliance Blade R75.40 Add-on Administration Guide).

Contents

- Important Information
- Introduction
  - Key Features
    - Best Practice Tests
    - Regulatory Compliance
    - Supported Regulatory Standards
    - Continuous Compliance Monitoring
    - Compliance Alerts
    - Optimal Performance
  - Working with the Compliance Blade
- The Compliance Blade User Interface
  - The Overview Pane
    - Best Practices Compliance
    - Gateways
    - Blades
    - Regulatory Compliance
    - Action Items and Messages
  - Searching, Grouping, Sorting
  - Working with Alerts and System Messages
- Enforcing Best Practices
  - Activating Best Practice tests
  - Deactivating Tests
- Working with Regulatory Compliance
  - Activating and Deactivating Regulatory Standards
- Working with Action Items
  - Corrective Steps
- Running Reports
- Exporting Data

Chapter 1
Introduction

In This Chapter
- Key Features
- Working with the Compliance Blade

The world of compliance has become increasingly complex and challenging in recent years. High profile scandals in the information security arena continue to occur and governments and lawmakers continue to strengthen the regulatory landscape.
Organizations must address their obligations or be subjected to penalties, prosecution, or damage to their reputation.

Compliance management today is a costly, manual procedure that is based on periodic audits. Each regulatory standard has its own audit requirements, typically based on a predefined questionnaire. This means that a different audit is necessary for each standard. The result of these audits is a static snapshot of organization compliance at a given point in time. This procedure is not dynamic and cannot identify changes that occur between audits.

The Check Point Compliance Blade is a dynamic compliance solution that continuously monitors the Check Point security infrastructure (Security Gateways, blades and their related policies) in real time. This unique product contains an extensive database of best practice compliance checks that are mapped to the individual regulations in each standard.

Key Features

Features:
- Best Practice Tests
- Regulatory Compliance
- Supported Regulatory Standards
- Continuous Compliance Monitoring
- Compliance Alerts
- Optimal Performance

Best Practice Tests

The Compliance Blade has a library of Check Point-defined tests as a baseline for good gateway and policy configuration. A Best Practice test is related to specified regulations in different regulatory standards. It describes compliance status and recommends corrective steps.

- Global Tests - Examine applicable configuration settings in the organization.
- Object-based Tests - Examine the configuration for specified objects (gateways, profiles and other objects).

Regulatory Compliance

The Compliance Blade monitors the status of applicable regulations and shows them in an easy-to-read view. A regulation shows the status, compliance score, and best practices for one or more related tests and for related gateways and policies.

Supported Regulatory Standards

This Compliance Blade release supports these regulatory standards:

Standard | Location | Description
--- | --- | ---
ISO 27001 | International | Standards for the implementation of Information Security Management Systems (ISMS). This standard includes 133 control objectives that cover organizational security architecture.
ISO 27002 | International | Supplemental controls and best practices for implementation of Information Security Management Systems (ISMS). This standard includes detailed control objectives that are applicable to certain industries.
HIPAA Security | USA | Health Insurance Portability and Accountability Act of 1996. These regulations require government agencies, insurers and health care providers to protect all data that they collect, maintain or use.
PCI DSS 2.0 | USA | Industry standards for transmission, processing and storage of credit card data.
DSD | Australia | Military data security regulations and standards.
GLBA | USA | Gramm-Leach-Bliley Act. These regulations include financial privacy guidelines and safeguards related to information security.
NIST 800-41 | USA | National Institute of Standards and Technology guidelines for firewalls and firewall policies.
NIST 800-53 | USA | National Institute of Standards and Technology recommended security controls for federal government information systems and organizations.
UK Data Protection Act | UK | British data security standards.
CobiT 4.1 | USA | Information technology governance framework that includes control requirements, technical issues and business risks.

Continuous Compliance Monitoring

Continuous Compliance Monitoring (CCM) is a dynamic technology that examines compliance parameters on an ongoing basis. The Compliance Blade uses CCM to automatically examine Security Gateways and security policies.

- Daily - Automatic scan once a day, finds changes to gateway and policy configurations made with CLI or scripts.
- SmartDashboard changes - Automatic scan when an administrator changes objects that affect gateway or policy configuration.

Compare CCM with manual monitoring. Without the Compliance Blade, organizations typically monitor their environments once a year.

We recommend that you run the Manual scan every time you add objects to your Check Point environment, and after you activate or de-activate a Best Practice test.

To run a manual scan:
1. Open the Compliance tab.
2. In the Navigation tree, select Settings.
3. On the Settings page click Rescan.

Note: While a scan is running, you cannot work with the Compliance tab.

Compliance Alerts

If your actions in SmartDashboard cause a degradation of the compliance status, the Compliance Blade shows an alert with details of the issue. It also generates an action item to track corrective steps.

Optimal Performance

The Compliance Blade does not adversely affect network throughput or client performance.

Working with the Compliance Blade

Effective workflow with the Compliance Blade:
1. View - Use the Compliance Blade tools to examine and monitor compliance status.
2. Plan - Manage the Action Items that the Compliance Blade generates automatically.
3. Act - Correct compliance issues as recommended by the Action Items. You can see the updated compliance status when you run Compliance Blade scans.

Chapter 2
The Compliance Blade User Interface

In This Chapter
- The Overview Pane
- Searching, Grouping, Sorting
- Working with Alerts and System Messages

Open SmartDashboard > Compliance tab. The Overview pane shows the overall compliance status of your organization. Select the different branches in the navigation tree to see more details.

The Overview Pane

The Overview pane shows:

Section | What can I do here?
--- | ---
Navigation Tree | Select a compliance or settings pane.
My Organization | See a compliance summary for your organization.
Gateways | See compliance score of selected Security Gateways: most compliant, least compliant, user-defined set.
Blades | See compliance score and number of Best Practice tests by blade.
Regulatory Compliance | See a summary of compliance with regulations.
Messages and Action Items | See the action items, compliance alerts, and system messages.

Best Practices Compliance

The Compliance Blade calculates a numeric score from the results of a Best Practice test, which is the average of the results for each object examined. Average scores can be given for the organization, Security Gateways, Software Blades, and regulations.

This is the Compliance Blade scoring system:

Category | Score
--- | ---
Low | 0 - 50
Medium | 50 - 75
High | 75 - 99
Compliant | 100
N/A | Not applicable

A category can be N/A if:
- The applicable Software Blade is not installed on the Security Management Server.
- The Security Gateway does not support the examined feature.

Many Best Practice tests are binary: compliant or not.
- Non-compliant score = 0 (Ineffective)
- Compliant score = 100 (Strong)

Other Best Practice tests calculate a score based on the degree of compliance.

To see details of a Best Practice test:
Click the status category or More Details. The Best Practices pane opens.

In the upper table, see the data of Best Practice tests:
- Related Software Blade
- Compliance Blade ID
- Name of the Best Practice test
- Status (Low, Medium, High, Compliant, or N/A)

In the lower part, see details of the selected Best Practice test:
- Description - What the compliance test looks for.
- Action Items - How to raise compliance.
- Relevant Objects - Objects related to the selected Best Practice test and their status. You can activate or deactivate enforcement of the selected Best Practice test for specific objects. (This section shows only when the selected Best Practice test is applicable to specified objects.)
- Relevant Regulatory Requirements - List of regulatory standards that include the selected Best Practice test.

Gateways

The five Security Gateways with the highest scores, lowest scores, or by user-defined set.

To see the Best Practice test results for a Security Gateway, click it. The Gateways pane for the selected gateway opens.

To see the results for all gateways, click See All Gateways. The All Gateways window opens. Click a Security Gateway or cluster in this window to see details.

In the upper table, see the data of the Best Practice tests on the gateway:
- Related Software Blade
- Compliance Blade ID
- Name of the Best Practice test
- Status (Low, Medium, High, Compliant, or N/A)

In the lower part, see details of the selected Best Practice test:
- Description - What the test looks for.
- Action Items - How to raise compliance.
- Relevant Objects - Other Security Gateways and clusters on which this test is enforced.
- Relevant Regulatory Requirements - List of regulatory standards that include the selected Best Practice test.

Blades

Average scores for the five Software Blades with the most Best Practice tests.

To see Best Practice test results for one Software Blade, click that blade. The Best Practice tests pane opens.

To see the results for all Software Blades, click More Details. The Best Practices pane opens. Group the results by Blade.

Regulatory Compliance

Compliance statistics for selected regulatory standards:
- Number of regulatory requirements (one or more Best Practice tests) tested for each regulatory standard
- Average compliance scores

The number of regulatory standards shown is dependent on your screen resolution and the size of the SmartDashboard window.

To select the regulatory standards shown:
1. Click the configuration icon in the summary line.
2. In the Select Regulations and Standards window, select the standards to see in the Overview.

To see the compliance score for all regulatory requirements, click See all Regulations. The All Regulatory Requirements window opens.

To see details of a standard, click the name of the standard in the Overview pane or in the All Regulatory Requirements window. The Regulatory Requirements pane for the selected standard opens.

In the upper table, see the data of Best Practice tests for the selected standard:
- Compliance Blade ID
- Status (Low, Medium, High, Compliant, or N/A)
- Name of the requirement, taken from the public standard

In the lower part, see details of the selected Best Practice test:
- Description - What the standard requires.
- Action Items - How to raise compliance.
- Relevant Best Practices - The tests for compliance with the selected requirement, and compliance status in your organization.
- Relevant Objects - Objects related to the selected requirement and their status. You can activate or deactivate enforcement of the selected requirement for specific objects. (This section shows only when the selected requirement is applicable to specified objects.)

Action Items and Messages

The updated status of pending action items for your organization.
- Upcoming - Action items with due dates in the next 30 days.
- Future - Action items with due dates in excess of 30 days.
- Unscheduled - Action items without defined due dates.
- Overdue - Action items with due dates earlier than today. It is a best practice to resolve overdue action items immediately.

To see alert messages, click Compliance Alerts. They open in the Overview pane.

To see messages about the Compliance Blade, click System Messages. They open in the Overview pane.

To open the action items of a status category, click that category or its section in the chart. The Action Items pane opens.

In the upper table, see the data of the Action Items:
- Due Date (a due date is not applied by default when the action item is generated)
- Related Software Blade
- Compliance Blade ID
- Status (Low, Medium, High, Compliant, or N/A) of compliance. Low status action items should be handled immediately.

In the lower part, see details of the Action Item:
- Description - Details of why this must be done, and what to do in alternative scenarios.
- Best Practice ID - Steps to take.
- Relevant Objects - Objects related to the selected requirement and their status. You can activate or deactivate enforcement of the selected action for specific objects. (This section shows only when the selected action item is applicable to specified objects.)
- Relevant Regulatory Requirements - List of regulatory standards that include the Best Practice test for which the actions are done.

Searching, Grouping, Sorting

In the Compliance Blade panes, enter a string in the search field to filter results.

To search for values in a field, enter: field_name:string

To group results, select Blade or Status in the grouping field.

To sort the results by the values in a field, click that field header.

Working with Alerts and System Messages

You use the Alerts and System Message pane to see alerts generated when a configuration change causes compliance status degradation. You can also see messages that are automatically generated by the Compliance Blade.

To see the details of a system message, double-click it. The Alert Details window opens.

Enforcing Best Practices

You can activate or deactivate enforcement of Best Practice tests by test (for the organization), by gateway, by Software Blade, or by other objects. Activation changes are applied after the next scan.

Activating Best Practice tests

By default all Best Practice tests are active.

To activate a Best Practice test that is not currently active:
1. Select a Best Practice test in the main section or in the Related Objects section.
2. Select Active.

Deactivating Tests

You can deactivate Best Practice tests globally for the organization or for specified objects (gateways, blades or profiles).

To deactivate a Best Practice test for the whole organization:
1. In Compliance > Best Practices, clear the Active option for the Best Practice test.
2. When prompted, enter an explanation. The comment is required. Document why you want to stop running this compliance test.
3. Optional: Define an expiration date. If you define an expiration date, the deactivated test is automatically activated on that date.

To make a Best Practice test active again:
1. Open Settings > Inactive Objects. The de-activated Best Practice test is in the Inactive Best Practices section.
2. Select it in Inactive Best Practices.
3. Click Delete. (Or select the Active option in the Best Practices pane.)

To change the comment or expiration date:
Double-click the Best Practice test in the Inactive Objects pane.

To deactivate Best Practice tests for specific gateways:
1. Open Settings > Inactive Objects.
2. In the Inactive Gateways section, click the + icon.
3. Enter or select a gateway or cluster.

To remove a gateway from the Inactive Gateways list:
1. Select the gateway.
2. Click the - icon.
3. When prompted, click Yes.

To deactivate a Best Practice test for a specific object:
1. In Compliance > Best Practices, select the Best Practice test.
2. In the Relevant Objects section, clear the Active option for the object. An object can be a gateway, policy, profile or other object.
3. When prompted, enter an explanation. The comment is required. Document why you want to stop running this compliance test.
4. Optional: Define an expiration date. If you define an expiration date, the deactivated test is automatically activated on that date.

To make an object active again for Best Practice tests:
1. Open Settings > Inactive Objects. The de-activated Best Practice test is in the Inactive Best Practices on Specific Objects section.
2. Select the Best Practice test.
3. Click Delete. (Or select the Active option in Best Practices > Relevant Objects of the selected Best Practice test.)

Working with Regulatory Compliance

Regulatory Requirements shows the Compliance Blade Best Practice tests that check compliance with the requirements of standards and regulations.

To see the regulations and their status:
1. Open Compliance and expand Regulatory Requirements.
2. Click a regulatory standard. The selected regulatory standard pane opens.

Activating and Deactivating Regulatory Standards

You can select the regulatory standards that are applicable to your organization. By default all supported regulatory standards are active.

To activate or deactivate regulatory standards:
1. In the navigation tree, click Settings.
2. Select the regulatory standards that are applicable for your organization.
3. Clear the regulatory standards that are not applicable for your organization.

To test compliance with a standard:
Click Rescan.

Working with Action Items

When a Best Practice test finds a deficiency, the Compliance Blade automatically generates an Action Item. You can assign a due date to an Action Item and keep track of corrective steps. Action Items are not assigned a due date when they are generated. When you complete the corrective steps, the Compliance Blade deletes the Action Item after the next scan.

To assign a due date for an Action Item:
1. Open Messages and Action Items > Action Items.
2. Select an Action Item.
3. In the Action Item Description section, click Schedule Now. If the Action Item already has an assigned due date, click Change to change it.
4. In the window that opens, enter or select a due date and then click OK.

You cannot manually delete an Action Item.

To delete an action item:
1. Deactivate the applicable Best Practice test (see "Deactivating Tests").
2. Run a manual scan: Settings > Rescan.

Corrective Steps

Correct compliance issues through configuration of SmartDashboard objects and Software Blades. The Compliance Blade has some features that help you to quickly implement corrective steps in SmartDashboard.

The Action Items pane shows a helpful description for each Action Item, which gives suggestions for correcting the related configuration. You can correct many issues quickly and easily. For some objects, you can double-click the object in the Relevant Objects section to open its configuration window. For example, if you double-click a gateway object, the Gateway General Properties window opens. If you double-click a profile object, the General Properties window for that profile opens.

If the Action Item does not have a link to an object, use the description to guide you through the configuration changes.

Running Reports

Generate reports for status summary and details of Best Practice tests and Action Items.
- Overview - Shows the summary data included in the Overview pane, summaries of gateways and regulatory standards, detailed lists of Best Practice tests and Action items.
- By Regulation - Shows a summary of the regulatory requirements and a detailed list of the Best Practice tests included in each requirement.

To generate a report, select Reports on the Navigation tree and then select a report. The report shows in a pane with the report name as the title.

From the report pane, you can create reports in these output formats:
- PDF document
- Email with attached PDF document
- Output to printer
- Output HTML to your Web browser

Exporting Data

You can export the data shown in the selected pane to a Microsoft Excel file. This lets you save the results for archiving, auditing, and analysis of historical trends and data relationships.

To export data to an Excel file:
1. Open a Compliance Blade pane.
2. Click Export.
3. Enter path and filename.
4. Click Save.
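
The scoring system described under Best Practices Compliance, worked through on constructed data as an added example (not Check Point code or product output). The test IDs, gateway names and results are invented. Two points the guide does not define are assumptions here: a score on a shared range boundary (50 or 75) is placed in the higher category, and gateway and blade scores are taken as plain averages of the applicable results.

```python
from statistics import mean

NA = None  # result for an object the test does not apply to (blade absent, feature unsupported)


def category(score):
    """Map a numeric score to the guide's status categories.

    Assumption: the guide's ranges share the values 50 and 75; a shared
    boundary value is treated here as belonging to the higher category.
    """
    if score is NA:
        return "N/A"
    if score == 100:
        return "Compliant"
    if score >= 75:
        return "High"
    if score >= 50:
        return "Medium"
    return "Low"


def average(values):
    """Average the applicable results; N/A when nothing was examined."""
    applicable = [v for v in values if v is not NA]
    return mean(applicable) if applicable else NA


# Constructed sample: (test ID, Software Blade, result per gateway).
# Binary tests score 0 or 100; graded tests score anywhere in between.
RESULTS = [
    ("T-001", "Firewall", {"gw-hq": 100, "gw-branch": 0, "gw-lab": 100}),
    ("T-002", "Firewall", {"gw-hq": 100, "gw-branch": 100, "gw-lab": 100}),
    ("T-003", "IPS", {"gw-hq": 60, "gw-branch": 40, "gw-lab": NA}),
    ("T-004", "Anti-Bot", {"gw-hq": NA, "gw-branch": NA, "gw-lab": NA}),
]


def per_test_scores(results):
    """Score of each test: the average of the results for each object examined."""
    return {tid: average(per_gw.values()) for tid, _, per_gw in results}


def gateway_scores(results):
    """Assumed aggregation: average of every applicable test result on a gateway."""
    collected = {}
    for _, _, per_gw in results:
        for gw, value in per_gw.items():
            collected.setdefault(gw, []).append(value)
    return {gw: average(values) for gw, values in collected.items()}


def blade_scores(results):
    """Assumed aggregation: average of the test scores that belong to a blade."""
    collected = {}
    for _, blade, per_gw in results:
        collected.setdefault(blade, []).append(average(per_gw.values()))
    return {blade: average(values) for blade, values in collected.items()}


def low_findings(results):
    """(gateway, test) pairs in the Low category, the ones to handle first."""
    return sorted(
        (gw, tid)
        for tid, _, per_gw in results
        for gw, value in per_gw.items()
        if category(value) == "Low"
    )


if __name__ == "__main__":
    for name, table in (("test", per_test_scores(RESULTS)),
                        ("gateway", gateway_scores(RESULTS)),
                        ("blade", blade_scores(RESULTS))):
        for key, score in table.items():
            print(f"{name:8} {key:10} {category(score)}")
    print("handle first:", low_findings(RESULTS))
```

A single failing binary test drags `gw-branch` into Low even though the organization-wide score for the same test is Medium, which is why the per-gateway view matters when prioritizing Action Items.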