Major focus areas derived from NIST 800-53 Guidelines

ArcSight can address many compliance regulations, based on a mapping of ArcSight content to the NIST 800-52 guidelines. Using this framework you can demonstrate compliance with the SOX, PCI, HIPAA, Basel II, ISO 17799 and the Federal NIST and FISMA mandates. Correlation rules and reports can map to multiple regulations, e.g. coverage for SOX, PCI, HIPAA, ISO 17799, NIST, FISMA.

Major focus areas derived from NIST 800-53 Guidelines
– Authentication
– Availability
– Workflow
– Attacks

•Access control policies
•Virus/Worm/Malware activity
•Configuration Management
•Attempted violations detected in last 24/wkly/mos./qtr
•Top 10 Systems w/ Most Violations in the last 24/wkly/mos./qtr
•Top 10 Users w/ Most Violations in the last 24/wkly/mos./qtr
•Top 5 Bad Applications
•External Logins to Critical Systems
•Top 5 Systems having Bad Binaries
•Top 5 Bad Binaries in a Running State
•Rogue Systems Detected
•Events/Categories 1-9 e.g. Root Access, Access, Attempt, Denial
•HBSS Compliance by Module
•New Hosts
•Failed Logins by Device, Source IP etc.
•Locked Accounts per day
•Top 10 Unsuccessful Administrative Logins
•Failed Anti-Virus Updates By Host
•Virus Summary
•Most Frequent 10 Targets
•Device and Operating System Configuration Modifications
•Failed Database Access
•Logins to Email Systems
•Administrative Logins and Logouts by Asset
•Successful Brute Force Logins
•Accounts not using STD Naming Convention Outside of Creation Script Timeframe

Operating System Reporting
•Privileged User Administration
•Successful and Failed Logins
•Configuration Changes

Firewall Reporting
•Denied Inbound Connections
•Denied Outbound Connections
•Bandwidth Usage
•Successful/Failed Login Activity

Cross Device Reporting
•Top Bandwidth Users
•Password Changes
•Top Attackers and Internal Targets

Network Devices Reporting
•Network Device Errors and Critical Events
•Network Device Status and “Down” Notifications
•Bandwidth Usage
•Configuration Changes by User and Change Type
•Successful and Failed Logins
•Top Connections

VPN Device Reporting
•VPN Authentication Errors
•Connection Counts
•Connection Durations
•Connections Accepted and Denied
•Top Bandwidth Users
•VPN Configuration Changes

IPS/IDS
•IPS/IDS Alert Metrics
•Alert Counts
•Top Alert Sources and Destinations
•Top Attackers and Internal Targets

Access Management
•User Authentication across hosts
•Authentication Success and Failures
•User Administration Configuration Changes

Anti-Virus Reporting
•Top Infected Systems
•All AV errors
•AV Signature Update stats
•Consolidated Virus Activity
•AV Configuration Changes

Database
•Database Errors and Warnings
•Database Successful and Failed Logins
•Database Configuration Changes