As an approved information assurance product, CimTrak supports compliance-reporting efforts for both DoD and civilian agencies. Security controls defined in DODI 8500.2 or FISMA (NIST SP800-53 Rev3) provide the general guidance, but as with any controls, each agency must determine the best method to achieve those objectives. CimTrak is designed to provide an efficient way to provide coverage for multiple controls and integrate with your reporting framework in order to support DIACAP or C&A processes.
The high Integrity requirements outlined in MAC-1 and MAC-2 under 8500.2 convey the importance of trust in the DoD infrastructure. The need for non-repudiation and oversight of the change control process is crucial for maintaining a trusted environment. CimTrak was designed precisely with these tenets in mind. CimTrak provides a validation process for change procedures along with alert and remediation mechanisms for any unauthorized modifications that occur outside of the change control window.
Through its advanced file integrity and system configuration monitoring, CimTrak also helps meet several control objectives under FISMA’s System Integrity (SI), Configuration Management (CM), and Audit (AU) categories. Other control categories found in SP800-53 also benefit from the wealth of audit detail captured and stored in the CimTrak Repository. Download the FISMA whitepaper to learn how CimTrak supports these controls.
As the C&A process evolves and shifts towards a continuous monitoring model with NIST Draft SP800-137, agencies can benefit form the awareness that CimTrak can provide. The automated monitoring capabilities and deep audit insight ensures that it can meet information assurance needs of today as well as tomorrow.