Overview

DoDI 8500 is a compliance requirement issued by the Department of Defense (DoD) that establishes the Information Assurance (IA) policies and guidelines for DoD information systems. It sets the standards and requirements for securing and protecting DoD information assets to ensure the confidentiality, integrity, and availability of sensitive information. 

Netsurion Managed XDR for DoDI 8500 Compliance 

Netsurion Managed XDR combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in DoDI 8500 Compliance. With comprehensive monitoring, analysis, and reporting capabilities, organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents.

By leveraging Netsurion’s security solutions, organizations can strengthen their information security posture, meet the requirements of DoDI 8500, and protect sensitive DoD information assets. This helps maintain the confidentiality, integrity, and availability of data, while also ensuring compliance with DoD IA policies. 

Using Netsurion Managed XDR to meet DoDI 8500.2 Requirements

Requirement 1: Access Control Policy and Procedures

Netsurion Open XDR manages information system accounts, including:

  • Identifying authorized users of the information system and specifying access privileges.
  • Establishing, activating, modifying, disabling, and removing accounts.
  • Notifying account managers when temporary accounts are no longer required and when information system users are terminated, transferred, or information system usage or need-to-know/need-to-share changes.

Requirement 2: Access Enforcement

Netsurion Open XDR manages access control policies and access enforcement mechanisms to control access between users and objects in the information system. Consideration is given to the implementation of an audited, explicit override of automated mechanisms in the event of emergencies or other serious events. If encryption of stored information is employed as an access enforcement mechanism, the cryptography used is FIPS 140-2 (as amended) compliant.

Requirement 3: Information Flow Enforcement

Netsurion Open XDR monitors unauthorized use of the information system. Netsurion Open XDR monitors the information system both externally and internally. External monitoring includes the observation of events occurring at the system boundary (i.e., part of perimeter defense and boundary protection). Internal monitoring includes the observation of events occurring within the system (e.g., within internal organizational networks and system components). Information system monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, audit record monitoring software, network monitoring).

Requirement 4: Logon

Netsurion Open XDR monitors unsuccessful login attempts. This may be implemented at both the operating system and the application levels.

Requirement 5: Supervision and Review – Access Control

Netsurion Open XDR monitors audit processing failures such as software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded.

Requirement 6: Remote Access

Netsurion Open XDR monitors unauthorized remote access to the information system. It authorizes remote access to the information system prior to connection and enforces requirements for remote connections to the information system.

Requirement 7: Audit and Accountability Policy and Procedures

Netsurion Open XDR successfully monitors the complete audit information, which comprises information about audit records, audit settings, and audit reports.

Requirement 8: Auditable Events

Netsurion Open XDR monitors and audits all types of events and captures all event information.

Requirement 9: Continuous Monitoring

Netsurion Open XDR monitors any changes to the hardware, software, and/or firmware components of the information system that can potentially have significant effects on the overall security of the system. Netsurion Open XDR’s list management features are available to all users to manage internal and external feeds of threat intelligence. Lists, once created, can be updated automatically. Lists can be used to search through log data, making it clear whether global trends are impacting your network. List lookup APIs are available for use in remedial actions. This allows efficient creation and use of both Safelists and Unsafelists for processes, IP addresses, services, and port numbers.

Requirement 10: Ports, Protocols, and Services

Netsurion Open XDR provides the essential capabilities and specifically prohibits or restricts the use of the following functions, ports, protocols, and/or services: [Assignment: organization-defined list of prohibited or restricted functions, ports, protocols, and/or services].

Requirement 11: Individual and Group Authentication

Netsurion Open XDR uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Requirement 12: Vulnerability Scanning

Netsurion Open XDR Vulnerability Management scans for vulnerabilities in the information system; hosted applications and new vulnerabilities potentially affecting the system/applications are identified and reported.