Configure Tenable Log Correlation Engine for NIAP Compliance

If your organization requires your instance of Log Correlation Engine to meet National Information Assurance Partnership (NIAP) standards, you can configure the relevant settings for compliance.

You must run Log Correlation Engine 6.0.6 to configure Log Correlation Engine for NIAP compliance.

For more information about Log Correlation Engine storage and communications encryption, see Encryption Strength. For more information about data gathered by the Log Correlation Engine Client, see Tenable Log Correlation Engine Clients.

Before you begin:

  • Confirm you have enabled the full disk encryption capabilities provided by the operating system on the host where Log Correlation Engine is installed.

  • Contact Tenable Support for access to the following required script file:
    • LCE-NIAPcompliance-Oct29-fixerPkg.tgz

To configure Log Correlation Engine for NIAP compliance:

  1. As the root user, in the command line interface (CLI) in Log Correlation Engine, run the following command to create a new directory for the script file:

    mkdir /path/to/fixer29/
  2. Run the following command to copy the downloaded script file into the directory you created:

    cp /path/to/download/LCE-NIAPcompliance-Oct29-fixerPkg.tgz /path/to/fixer29

  3. Run the following command to navigate to the fixer29 directory:

    cd /path/to/fixer29
  4. Run the following command to extract the script:

    tar zxf LCE-NIAPcompliance-Oct29-fixerPkg.tgz
  5. Run the following command to start LCE-NIAPcompliance-Oct29-fixer:

    ./LCE-NIAPcompliance-Oct29-fixer
  6. Run the following commands to enable NIAP-compliant settings:

    . /opt/lce/tools/exigent-sessions.bashrc

    enable_NIAP_Mode

    Log Correlation Engine restarts.

    Log Correlation Engine secures communications with TLS 1.2 and the following cipher suites: ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-SHA384, or ECDHE-RSA-AES256-GCM-SHA384.

    Note: Enabling NIAP mode encrypts communications for the following:

    • Receiving the encrypted TCP syslog. For more information, see Receiving Encrypted Syslog.
    • Sending vulnerability reports to Tenable Security Center.
    • Downloading plugin updates.
    • Web UI server and desktop browser.
  7. (Optional) Run the following commands to view your NIAP settings and enabled cipher suites:

    undoc-config --get wwwd NIAP_COMPLIANT

  8. If you connect Log Correlation Engine to Tenable Security Center, you must use certificates to authenticate the connection. For more information, see Manual Key Exchange with Tenable Security Center.
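
To confirm from the outside that a listener honors the protocol and cipher suites named in step 6, the following added example (not part of Tenable's documentation or tooling) parses `openssl s_client` output and checks the negotiated session against that list. The function names are hypothetical, the host and port passed to `probe_endpoint` are supplied by the operator, and the sample outputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: verify that a TLS session used TLS 1.2 and one of the four
# cipher suites this page lists for NIAP mode (OpenSSL cipher names).
NIAP_CIPHERS="ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-GCM-SHA384"

# check_niap_session: reads `openssl s_client` output on stdin.
# Returns 0 = compliant, 1 = wrong protocol or cipher, 2 = no session found.
check_niap_session() {
    local out proto cipher c
    out=$(cat)
    # Take the "Protocol :" and "Cipher :" fields of the SSL-Session block.
    proto=$(printf '%s\n' "$out" | sed -n -e 's/[[:space:]]*$//' -e 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n -e 's/[[:space:]]*$//' -e 's/^ *Cipher *: *//p' | head -n 1)
    if [ -z "$proto" ] || [ -z "$cipher" ]; then
        echo "UNKNOWN: no negotiated session in input"
        return 2
    fi
    if [ "$proto" != "TLSv1.2" ]; then
        echo "FAIL: protocol $proto (expected TLSv1.2)"
        return 1
    fi
    for c in $NIAP_CIPHERS; do
        if [ "$c" = "$cipher" ]; then
            echo "OK: $proto $cipher"
            return 0
        fi
    done
    echo "FAIL: cipher $cipher is not in the NIAP-mode list"
    return 1
}

# probe_endpoint HOST PORT: live check against a listener you operate.
# HOST and PORT are placeholders; this page does not state port numbers.
probe_endpoint() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null | check_niap_session
}

# Constructed, abridged s_client session blocks (not captured from a real host).
SAMPLE_GOOD='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_BAD='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA'
```

Run `probe_endpoint` once per TLS listener after enabling NIAP mode; a `FAIL` or `UNKNOWN` result means the session did not match the settings described in step 6.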