This company is often awarded contracts for the federal government, and therefore needs to follow certain compliance laws. The DFARS compliance demands any government contractor to put in place cybersecurity safeguards on what the US government calls ‘controlled unclassified information’. Any company doing business with the US federal government must prove that they are providing security protection for any data being stored, transmitted or processed on their behalf.
Safeguard the access to and usage of government data and report cyber incident for DFARS compliance
While there are several elements to which contractors must comply, there are two primary elements that seem to be the most dominant: demonstrating “adequate security” and cyber incident reporting. As defined in the DFARS, adequate security includes “protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.”
For this reason, the company needed a file auditing and reporting solution that would allow them to show proper access controls and reporting tools were in place in order to protect government data against unauthorized access.
Previously they were gathering and analyzing data from Windows Security Event logs which proved a nightmare for the IT Manager. He said “working with native Windows logs is just not possible. It takes far too much time to get half of what is needed.”
Easily react to and report on any suspicious access to sensitive data
The IT manager was assigned the task to find a third party software that would provide real-time data and meet the necessary requirements. They needed to have constant visibility into what data is being accessed, by whom, when, from where, etc. This real-time information is absolutely necessary to remain vigilant against inappropriate access.
After his own online research, the company decided to try IS Decision’s FileAudit. They found the software very easy to set up and use, and immediately saw the time saving value that it could provide to a busy IT team.
“FileAudit was up and running in less than an hour. It is very easy to install and configure. I found the online tutorials and documentation to be very helpful.” FileAudit’s comprehensive auditing mixed with the ability to alert IT teams of the presence of suspicious file access activity, helped focus the proper attention on what could equate to a data breach. Especially important were FileAudit’s mass access alerts. They allowed the company to be alerted on the most common ‘potential red flags’ - the presence of mass copying or bulk deletion or movement of data.
Prove that DFARS compliance-specific controls are in place
In the first few months of using the software, the IT manager was able to see the value of the mass access alert feature when it was triggered due to abnormal accesses on the server. Several documents were being accessed at once, using a large amount of bandwidth, and thanks to FileAudit he was able to pinpoint immediately the machine generating those accesses.
Having FileAudit in place has helped the company reach requirements needed for the DFARS compliance. FileAudit provides actionable information about all access made to folders, files and file shares. It allows them to show proper access controls and reporting tools were in place in order to protect government data against unauthorized access.
The alerts indicate the user name, source (machine name and IP address), the date and time of the violation as well as the alert parameters, making it easy to further investigate within FileAudit the full access history.
If there are any security issues within an organization, FileAudit can run reports to see who’s accessed a file or folder and management can quickly address it with that individual.
The IT manager said “FileAudit is a great software. It is easy to use, easy to install and very straightforward. It satisfies completely the requirements of the DFARS compliance and saves us (the IT team) a lot of time. The Access Reporting is absolutely great. I’m able to see who’s doing what in real time. The mass alerts allow us to be informed as soon as something inappropriate happens.”
To learn more about how file auditing helps meet compliance objectives, read the whitepaper The Role of File Auditing in Compliance.