FISMA Compliance
The Federal Information Security Management Act (FISMA), enacted in the United States in 2002 and updated by the Federal Information Security Modernization Act of 2014, provides a framework for protecting federal information and information systems. Oversight of the Act rests with the Office of Management and Budget (OMB), while the National Institute of Standards and Technology (NIST) develops the standards and guidelines (the FIPS and SP 800 series, notably SP 800-53) that agencies must follow. The Act strengthens computer and network security across federal agencies and their contractors by requiring each agency to run an agency-wide security program, to review it annually, and to report the results to OMB, with an independent evaluation (normally by the agency's Inspector General) each year.
How to meet FISMA Compliance
FISMA applies to every federal information system, including systems operated by contractors on an agency's behalf. National security systems are subject to stricter requirements under their own authorities (the Committee on National Security Systems rather than NIST) and are treated as meeting FISMA through that process. The Act requires each organization to develop, document, and implement an organization-wide program that provides information security for the systems supporting its operations and assets. In practice this means continuous monitoring of those systems, both inside agencies and at companies that do business with the government. The Act does not name any particular product, but the audit logging, continuous monitoring, and incident response controls in NIST SP 800-53 are difficult to satisfy without centralized log collection and analysis, so security information and event management (SIEM) plays a central role in FISMA compliance. Using the technical guidance set forth by NIST, OpenService has mapped reports to help covered entities demonstrate compliance with FISMA.
To address FISMA requirements, organizations must be able to meet the following objectives:

- Access Control: monitor attempts to access anything on the organization's systems, including files, directories, database records, and applications.
- Configuration Control: monitor the configuration, policies, and installed software on systems covered by the regulation, and on every system with access to those monitored systems.
- Malicious Software Detection: collect and report malicious activity caused by viruses or other malicious code.
- Policy Enforcement: verify that all users comply with policy, reducing the chance of accidental exposure of sensitive information to unauthorized users.
- User Monitoring and Management: keep a complete audit trail of the activity of non-employees with access to private data, and take steps to minimize the risk from compromised accounts.
- Environment & Transmission Security: monitor the environment continuously so that security threats are detected and corrected as quickly as possible, supported by proactive measures such as vulnerability assessment (VA) scans.

InfoCenter supports these objectives as follows:

- with the LogCenter component of InfoCenter, collect data and store it for forensic analysis, event history, and proof of compliance;
- with the reporting utility of InfoCenter, generate summary and detailed reports as proof of compliance, including user activity, configuration change, and audit reports;
- with the correlation ability of InfoCenter, collect data across all security and monitoring applications, detecting malicious intent across your entire environment;
- with the alert monitoring utility of InfoCenter, notify your security and network administrators of problem areas before they become critical.

