The high Integrity requirements outlined in MAC-1 and MAC-2 under 8500.2 convey the importance of trust in the DoD infrastructure. The need for non-repudiation and oversight of the change control process is crucial for maintaining a trusted environment. CimTrak was designed precisely with these tenets in mind. CimTrak provides a validation process for change procedures along with alert and remediation mechanisms for any unauthorized modifications that occur outside of the change control window.
Through its advanced file integrity and system configuration monitoring, CimTrak also helps meet several control objectives under FISMA’s System Integrity (SI), Configuration Management (CM), and Audit (AU) categories. Other control categories found in SP800-53 also benefit from the wealth of audit detail captured and stored in the CimTrak Repository.
As the C&A process evolves and shifts towards a continuous monitoring model with NIST Draft SP800-137, agencies can benefit from the awareness that CimTrak can provide. The automated monitoring capabilities and deep audit insight ensures that it can meet information assurance needs of today as well as tomorrow.