The Federal Information Security Management Act (FISMA) was enacted in 2002 as Title III of the E-Government Act of 2002. Together with the modernization update that was pending in Congress when this was written (enacted in December 2014 as the Federal Information Security Modernization Act), it requires every federal agency to develop, document and implement an agency-wide program to secure the information and information systems that support its operations and assets, including systems provided or managed by contractors and other third parties. The resulting framework, built on NIST standards and guidelines, spans information security and cybersecurity, physical protection of the facilities that house those systems, and identity management.
The passage of FISMA has not only greatly increased awareness of cybersecurity within the federal government; it has also made a risk-based policy for cost-effective security the governing principle for agencies and for every organization, consultant and contractor that operates or maintains information systems on their behalf.
These same security and compliance requirements now reach into the private sector wherever an organization handles federal information or systems: financial services firms, higher education institutions, energy producers and infrastructure operators, and state agencies that administer federally funded benefits programs.
The security requirements dictate that organizations must address the following:
- Maintain a complete inventory of the information systems the organization operates, or that are operated on its behalf
- Categorize all information and information systems according to the impact of a loss of confidentiality, integrity or availability (FIPS 199)
- Implement the minimum security requirements (FIPS 200) and the baseline controls from NIST SP 800-53 selected for that impact level, and document them in a system security plan (SP 800-18)
- Conduct periodic risk assessments (SP 800-30)
- Obtain a formal authorization to operate from a senior official before the system goes live, and re-authorize it when significant changes occur (SP 800-37, which replaced the older certification and accreditation process)
- Establish continuous monitoring so that control effectiveness and changes to the system are tracked between authorizations (SP 800-137)
The consequences of noncompliance are concrete. Agencies report on their security programs to OMB each year and are independently evaluated by their inspectors general, and a system that cannot demonstrate its controls can lose its authorization to operate; for a contractor, a lapse in the controls it is responsible for can cost it the contract. Every one of these standards and guidelines must be kept in force for as long as the federal work continues.
Maintaining compliance is therefore an ongoing task, and the right tooling makes the difference between knowing the state of your systems and guessing at it in the face of constant threats to a company's IT infrastructure. Three of the NIST SP 800-53 control families that a file integrity and change-detection tool such as CimTrak addresses are:
- System and Information Integrity (SI), for example SI-7, Software, Firmware, and Information Integrity, which calls for integrity verification tools that detect unauthorized changes
- Configuration Management (CM), for example CM-2, Baseline Configuration, and CM-3, Configuration Change Control
- Audit and Accountability (AU), for example AU-2, Audit Events, and AU-6, Audit Review, Analysis, and Reporting
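To make concrete what those three families ask of a tool, here is a minimal integrity-monitoring script. It is an example added by the editor, not code from Cimcor or from CimTrak, and the directory layout, file contents and hostname in it are constructed for the demonstration. It records a baseline of SHA-256 hashes, sizes and permission modes for every regular file under a directory (the CM-2 baseline), compares a later scan against it to detect added, removed and modified files (SI-7 integrity verification), and emits one JSON audit record per change for a log collector (AU-2/AU-6).

```python
import hashlib
import json
import os
import stat
import tempfile
from datetime import datetime, timezone


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> {sha256, mode, size} for every regular file under root.

    Symlinks, sockets and devices are skipped: lstat is used so a symlink is
    never followed out of the monitored tree.
    """
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {
                "sha256": hash_file(full),
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "size": st.st_size,
            }
    return baseline


def compare(baseline, current):
    """Return change records (added / removed / modified) between two scans."""
    changes = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            changes.append({"path": rel, "change": "added"})
        elif new is None:
            changes.append({"path": rel, "change": "removed"})
        else:
            fields = [k for k in ("sha256", "mode", "size") if old[k] != new[k]]
            if fields:
                changes.append({"path": rel, "change": "modified", "fields": fields})
    return changes


def audit_records(changes, host):
    """One JSON line per change, timestamped in UTC, ready for a log collector."""
    ts = datetime.now(timezone.utc).isoformat()
    return [json.dumps({"ts": ts, "host": host, **c}, sort_keys=True) for c in changes]


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def run_demo():
    """Constructed sample: baseline a small tree, tamper with it, report the drift.

    The files and their contents are made up for this example; nothing here is
    read from the real system.
    """
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        _write(os.path.join(root, "etc", "sshd_config"), b"PermitRootLogin no\n")
        _write(os.path.join(root, "etc", "hosts"), b"127.0.0.1 localhost\n")
        baseline = build_baseline(root)

        # Simulated unauthorized activity: a weakened setting, a deleted file
        # and a dropped startup script.
        _write(os.path.join(root, "etc", "sshd_config"), b"PermitRootLogin yes\n")
        os.remove(os.path.join(root, "etc", "hosts"))
        _write(os.path.join(root, "etc", "rc.local"), b"/tmp/.x &\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for line in audit_records(run_demo(), host="srv01"):
        print(line)
```

In practice the baseline itself must be stored where the monitored host cannot rewrite it (or signed), and the scan should run from a schedule or from file-change notifications rather than on demand; otherwise an attacker who alters a file can also alter the record that would have revealed it.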
Compliance with these controls does not have to be difficult and should never be out of reach. The Cimcor team regularly consults with government agencies and private enterprises that need integrity monitoring, configuration management and audit capabilities, and discusses how CimTrak can help address these FISMA areas.
July 17, 2014