CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.

To assist Environment Owners with tracking of continuous controls as identified in Section 5 of the Leidos Environment Continuous Monitoring guide, CIS provides a Continuous Monitoring Dashboard available to all environment owners. ECM environments are scanned by CIS and the data is automatically populated in this dashboard. The purpose of continuous monitoring is to ensure that the complete set of security controls which are planned, required, inherited, and deployed for ECM continues to be effective over time despite inevitable changes. This helps manage the risk of system compromise and provides a means to strengthen cyber defenses and maintain an acceptable level of risk. The Continuous Monitoring Dashboard is available for Environment Owners to review key elements of their ECM environments. Some of the items that can be tracked from the dashboard include:

  • Credentialed success of vulnerability scans
  • Expiration date of the environment for IATO and ATO
  • Vulnerability Score as tracked using the CCRI Scoring Metric
  • Number of external Critical and High vulnerabilities
  • Number of internal Critical vulnerabilities
  • Splunk logging
  • Splunk agents reporting
  • Nessus hosts reporting
  • CrowdStrike agents reporting


Once an environment is deployed in ECM, whether CIO managed or Tenant Managed, the Environment Owner is responsible for validating successful implementation and continuous monitoring of ECM logging and scanning of hosts by monitoring the items tracked within the Continuous Monitoring Dashboard. The Leidos Splunk team sends the environment owner a Splunk log data collection report every two weeks via email. This report identifies all the hosts deployed within the ECM environment and highlights the logging status for each source.

If there is a logging or scanning issue in your infrastructure or hosts and the environment is “CIO managed” by ECM, the Environment Owner is to submit a CIO Central General Service Request (GSR) to the ECM team to have it resolved immediately. In the Topic field, specify “route ticket to HS-ECM-Operations” to have the ticket routed to the ECM Operation team. In the Details field, enter “Environment ID, Environment Name, IP Address Range (IP Networks or subnets), Number of hosts in the environment”.

If the environment is Tenant Managed, the environment owner is responsible for resolving any logging or scanning issues or findings in the environment. If you need to request Splunk logging for the environment, a General Service Request must be submitted. In the Topic field of the ticket, enter “Integrate IT Environment with Enterprise Splunk”. In the Details field, enter “Environment ID, Environment Name, IP Address Range (IP Networks or subnets), Number of hosts in the environment”, and the note “Please route this ticket to CIS_Cyber_BE_Integration”.

The Continuous Monitoring Dashboard updates environment data three to four times a day. You should expect to see updates for log monitoring the same day or the next day. For host scan data, the vulnerability management team scans daily with agents and three times a week with network scans. Scan results should appear in the Dashboard within one to three days.


If an environment owner does not have access or cannot see the data for their ECM environment within the Continuous Monitoring Dashboard, follow the instructions on this prism page below.

  1. https://prism.leidos.com/digital_modernization_sector/ciso/biso_information_hub/business_information_security_officer_biso_wiki_library/vulnerability_scanning_how_do_i_onboard_my_system_to_use_vulnerability_scanning
  2. An Active Directory (AD) group needs to be provisioned for your environment where the project can use Active Roles Server (ARS) to self-service assigned users and control access to the environment’s data.

