SIEM & Logging

Splunk Enterprise Security

Name: Splunk Enterprise Security
Rating: 2.466666666666667 (30 reviews)
Author: Cisco

by Cisco

Covered

controls

Partial

controls

Gaps

controls

NIST 800-171 Coverage14%

Overview

Splunk Enterprise Security by Splunk is a siem & logging solution that covers 15 NIST 800-171 controls (14% total coverage). It addresses key requirements in the siem & logging domain for defense contractors pursuing CMMC compliance.

Controls Covered (15)

au-3-3-1 au-3-3-2 au-3-3-3 au-3-3-4 au-3-3-5 au-3-3-6 au-3-3-7 au-3-3-8 au-3-3-9 si-3-14-1 si-3-14-2 si-3-14-6 ir-3-6-1 ir-3-6-2 ra-3-11-1

Partially Covered (3)

ac-3-1-1 ca-3-12-1 cm-3-4-1

Not Covered (3)

mp-3-8-1 ia-3-5-1 pe-3-10-1

Implementation Notes

Deploy Splunk Enterprise Security with FIPS-validated configurations. Integrate with your SIEM for centralized audit logging. Review partial controls quarterly to identify supplementary tooling needs.

More SIEM & Logging Products

Microsoft Sentinel

Microsoft — 12% coverage

Elastic SIEM

Elastic — 9% coverage

Sumo Logic

Sumo Logic — 7% coverage

LogRhythm

LogRhythm — 9% coverage

Frequently Asked Questions

How many NIST 800-171 controls does Splunk Enterprise Security cover?

Splunk Enterprise Security covers 15 of 110 NIST 800-171 controls (14%), with 3 partially covered and 3 gaps.

Can Splunk Enterprise Security alone satisfy CMMC Level 2?

No single tool covers all 110 NIST 800-171 controls. Splunk Enterprise Security covers 14% and should be part of a layered security stack addressing the remaining controls.

What controls does Splunk Enterprise Security not cover?

Splunk Enterprise Security does not cover controls mp-3-8-1, ia-3-5-1, pe-3-10-1. These require supplementary solutions such as physical security controls, additional access management, or media protection tools.

Map Your Full Security Stack

See NIST 800-171 control coverage for 80+ security products.

Open NIST Tool Mapper

← All NIST Tool Mappings

SIEM & Logging

Splunk Enterprise Security

by Cisco

Covered

controls

Partial

controls

Gaps

controls

NIST 800-171 Coverage14%

Overview

Controls Covered (15)

au-3-3-1 au-3-3-2 au-3-3-3 au-3-3-4 au-3-3-5 au-3-3-6 au-3-3-7 au-3-3-8 au-3-3-9 si-3-14-1 si-3-14-2 si-3-14-6 ir-3-6-1 ir-3-6-2 ra-3-11-1

Partially Covered (3)

ac-3-1-1 ca-3-12-1 cm-3-4-1

Not Covered (3)

mp-3-8-1 ia-3-5-1 pe-3-10-1

Implementation Notes

More SIEM & Logging Products

Microsoft Sentinel

Microsoft — 12% coverage

Elastic SIEM

Elastic — 9% coverage

Sumo Logic

Sumo Logic — 7% coverage

LogRhythm

LogRhythm — 9% coverage

Frequently Asked Questions

How many NIST 800-171 controls does Splunk Enterprise Security cover?

Splunk Enterprise Security covers 15 of 110 NIST 800-171 controls (14%), with 3 partially covered and 3 gaps.

Can Splunk Enterprise Security alone satisfy CMMC Level 2?

No single tool covers all 110 NIST 800-171 controls. Splunk Enterprise Security covers 14% and should be part of a layered security stack addressing the remaining controls.

What controls does Splunk Enterprise Security not cover?

Map Your Full Security Stack

See NIST 800-171 control coverage for 80+ security products.

Open NIST Tool Mapper

← All NIST Tool Mappings