Complement Your Cybersecurity Program with Real-Time IT Operations Monitoring

On October 3, 2022, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks. The directive requires federal civilian executive branch (FCEB) agencies to deliver a series of procedures, reports, and process validations for continuous and comprehensive asset visibility by April 3, 2023. Thereafter, agencies must maintain compliance with the directive.

BOD 23-01 was one more step in an effort to improve government cybersecurity and resilience and to establish a “basic pre-condition for any organization to effectively manage cybersecurity risk.” And even though the focus of BOD 23-01 is on cybersecurity, the directive is an important endorsement for the capabilities of AIOps platforms and, from a ScienceLogic perspective, the capabilities we bring to the table in our SL1 product. The directive states that “continuous and comprehensive asset visibility is a basic pre-condition for any organization to effectively manage cybersecurity risk,” and continuous and comprehensive asset visibility is what SL1 delivers.

In fact, that has been a pillar of the ScienceLogic mission from the beginning, and while SL1 is not a security tool per se, it has proven itself to be an important part of a holistic security strategy for many of our customers. That is because SL1’s capabilities align with achieving the directive’s four primary outcomes, taken directly from BOD 23-01:

  • Maintain an up-to-date inventory of networked assets as defined in the scope of this directive;
  • Identify software vulnerabilities, using privileged or client-based means where technically feasible;
  • Track how often the agency enumerates its assets, what coverage of its assets it achieves, and how current its vulnerability signatures are; and,
  • Provide asset and vulnerability information to CISA’s CDM Federal Dashboard.

Challenge


In issuing its directive and specifying what deliverables agencies must achieve, CISA chose not to mandate how they were to achieve the desired outcomes. Instead, it placed an emphasis on asset discovery and monitoring, and the creation of risk profiles for an agency’s IT assets to support required compliance and reporting. This creates a challenge for each agency to establish the means to effect enterprise-wide discovery and monitoring, and operate tools designed with the intelligence necessary to ingest and analyze data in real time.

Legacy IT operations monitoring platforms simply lack the ability to see across hybrid infrastructure; and lacking integral artificial intelligence, those platforms are unable to keep pace with the speed of operations and change inherent with today’s complex IT estates. As a result, many agencies rely on multiple monitoring platforms that still leave wide visibility gaps. Even agencies with more mature IT operations often rely on disparate toolsets with differing levels of fidelity and accuracy. They are unable to provide monitoring and management adequate to support (by modern standards) the core best practices necessary to ensure system health, availability, and reliability, let alone support the directive’s requirements for cybersecurity.

Opportunity


Beyond simply establishing a mandate for “improving asset visibility and vulnerability protection,” BOD 23-01 is a potential catalyst to bring about a fundamental change in the way U.S. federal agencies monitor and manage their IT estates, vastly improving their performance and reliability. In IT operations it is accepted that every configuration item operating within an organization’s infrastructure has a purpose and, as such, should be accounted for and monitored to ensure it fulfills that purpose.

The data generated by and associated with each configuration item must also be collected and analyzed to ensure that the asset is performing as expected, because all assets exist within the context of the enterprise’s overall operations. When all assets are discovered and monitored, the data associated with each asset can be used not merely to provide reports as mandated by the CISA Directive, but to inform IT operations of factors influencing the performance of all other assets. That includes determining the health, availability, and reliability of the IT estate, and whether there have been any changes that affect an asset’s risk profile, or that trigger the detection of indicators of compromise.

These capabilities are fundamental to the operation of an AIOps platform like SL1. And with the additional functionality provided by the acquisitions of Restorepoint (configuration backup, configuration change management, and compliance analysis), the goals of BOD 23-01 are easily within reach under one vendor: ScienceLogic.

Solution


ScienceLogic’s SL1, engineered since inception to discover and monitor all infrastructure assets regardless of make, model, purpose, or technology, has been proven to be the best AIOps platform for delivering unified operational observability and IT operations process automation. SL1’s core capabilities not only provide a single source of truth for the discovery and continuous monitoring of assets across hybrid IT infrastructures, but also provide the means for achieving all elements of the CISA directive.

Specific to the requirements mandated by CISA, SL1 can automate asset discovery and the ingestion of associated data, and it can automate the identification of software versions and relevant associated data using least-privileged credentials. And because SL1 does this as a single source of truth, it supports directive-mandated reporting and process control from a central interface, enabling BOD deliverables and better sustained operations.

Proof


ScienceLogic is no stranger to the federal marketplace. Many of the largest agencies in the U.S. government already rely on SL1 for their IT operations monitoring, supporting mission-critical services and the needs of a large and highly distributed workforce. What’s more, SL1 is certified as a secure technology by the Department of Defense and is included in the Approved Product List catalog, so any federal civilian agency can be confident that it can handle their needs.

In issuing BOD 23-01 CISA gives individual FCEBs discretion in how they can achieve the mandated objectives, offering implementation guidance that defines certain terms. ScienceLogic can help with insights gained from our extensive experience working with federal agencies as well as many of the world’s largest commercial organizations to do what the directive requires.

Learn more about how ScienceLogic can help advance your mission

ScienceLogic is a leader in IT Operations Management, providing modern IT operations with actionable insights to predict and resolve problems faster in a digital, ephemeral world. Its IT infrastructure monitoring and AIOps platform sees everything across multi-cloud and distributed architectures, contextualizes data through relationship mapping, and acts on this insight through integration and automation.