Activity 7.2: Review a NIST Security Architecture The graphic on the next page shows the NIST access authorization information flow and its control points in a logical flow diagram as found in NIST SP1800-5b. This NIST architecture uses a number of important information gathering and analytical systems:

Fathom, a system that provides anomaly detection

BelManage, which monitors installed software

Bro, an IDS

Puppet, an open source configuration management tool that is connected to the organization's change management process

Splunk, for searching, monitoring, and analyzing machine-generated big data, via a web-style interface

Snort, an IDS

WSUS for Windows updates

OpenVAS, an open source vulnerability management tool

Asset Central, an asset tracking system

CA ITAM, which also tracks physical assets

iSTAR Edge, a physical access control system

Make note of potential issues with this diagram, marking where you would apply additional controls or where a single failure might lead to a systemwide failure. Additional details about the specific systems and capabilities can be found in the NIST ITAM draft at nccoe.nist.gov/sites/default/files/library/sp1800/fs-itam-nist-sp1800-5b-draft.pdf.