FISMA /NIST 800-53 The Federal Information Security Management Act of 2002 (FISMA) is a US federal law initiated to bolster computer and network security within the Federal Government and affiliated parties (i.e. government contractors).
The Business Challenge
Within the FISMA Act are special NIST 800-53 guidelines on how organizations should implement security controls and provides a management framework of IT controls which can be implemented as policy and assessed accordingly for compliance. They include:
- Determine and document the boundaries of what constitutes the IT system
- Identify the information types within the system and categorize them according to risk of confidentiality, integrity or availability
- Perform a risk assessment - identifying potential threats and vulnerabilities and determining risk by calculating likelihood and impact of exploitation
- Select and implement security controls
- Assess and certify that controls are implemented and functioning
- Accredit the system by accrediting official
- Provide continuous monitoring of security controls, and run reports to reflect changes and modifications to the system
The Safestone Solution
Safestone’s Security Manager is a modular and integrated approach that can help define, manage and report on security policy compliance enabling future audits to be passed simply, quickly and efficiently. This, the very latest in compliance and audit software, can remove the burden of documentation, reduce IT costs and streamline the complete reporting process for companies looking to pass or continue their FISMA compliance audits.
Adequate controls need to be implemented on the System i to maintain the reliability of corporate data and to provide assurance that the data is trustworthy. Security Audit & Detection puts controls in place and prevents data being manipulated and corrupted.
With Risk & Compliance Monitor organizations can immediately identify policy compliance vulnerabilities across System i and automatically run reports.
Without adequate controls, unauthorized staff may gain access to sensitive information and use it to their advantage. Network Traffic Controller ensures that only the right personnel can actually access and use specific data.
Multiple Systems Administrator allows you to centralize administration of networked System i servers and partitions through a single point of control. Deployment and administration costs are significantly reduced, while resources are optimized and consistency is assured
Controlling the user lifecycle can significantly enhance security and User Profile Manager provides flexibility to easily manage profiles and passwords across System i. In addition the inability of a user to perform their IT functions because of profile or password issues is a situation that must be avoided. Password Self Help enables users to reset their own passwords without the need to call the Help Desk.