5.1 Capabilities: Governance
Governance is how you manage control and permissions, including multi-factor authentication and enterprise-level (Single Sign-On) SSO. The core of governance within the TruSTAR platform is the seamless control and secure dissemination of data using the ultimate mechanism for data sovereignty: Enclaves.
Enclaves organize your internal or external intelligence into a system of cloud-based repositories with strict access controls. These Enclaves are flexible and customizable to meet your organization’s unique data access-control needs.
Private Enclaves store internal data you have submitted to TruSTAR.
Sharing Community Enclaves are shared across ISAC/ISAOs and are available to any member of that sharing community.
The TruSTAR Community Enclave is available to all users of TruSTAR. Anyone can submit information to this Enclave.
Intelligence Source Enclaves store the data from external third-party providers. When you subscribe to an external intelligence source, that intelligence is stored in an Enclave with the provider’s name as the title.
Example of Enclave Usage
Enclaves can support many different uses. For example, the ISAO/ISAC has a goal of creating a secure place for members to share cybersecurity information and intelligence. TruSTAR has worked with these groups to build enclaves that support that goal:
- Member Share Enclave: Members can choose to share data to this enclave, but it is not curated by anyone.
- ISAO/ISAC Vetted Enclave: Stores data from the Member Share Enclave has been cleaned and curated by group members and/or staff.
- Private Enclave: Each member company has their own private Enclave only accessible by users from that company. This provides the ability to filter what you may want to share and redact it as part of the sharing process.
The graphic below shows how a typical Security Operations Center (SOC) uses an SIEM tool to access data through TruSTAR: curated data in a Vetted Enclave (left side) and intelligence sources (right side).