FISMA Compliance Framework

FISMA defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches. This framework is further defined by the standards and guidelines developed by NIST.

  • Inventory of information systems – Take an inventory of the information systems controlled by each agency
  • Categorization – Categorize information and information systems according to risk level
  • Appropriate security controls and assurance requirements – Ensure you have the appropriate security controls as set out in the NIST Special Publication 800-53
  • Risk assessment – Validate your security controls and determine if any additional controls are needed
  • System security plan – Execute and frequently review plans for implementing security controls
  • Certification and accreditation – The system must be reviewed and certified as functioning according to the appropriate standards
  • Continuous monitoring – Monitor and update to reflect ongoing changes


FISMA Compliance Tips


Conduct a network security audit

It is critical to periodically audit your network security controls. Network security audits help to identify weaknesses in your network security posture so you know where your security policies need to be adapted. Firewall audits also demonstrate that you have been doing your due diligence in reviewing security controls and policy controls.


Conduct periodic compliance checks

Your network firewalls are a critical part of FISMA and other regulatory requirements. Ensuring that your network firewalls comply with critical regulations is a core part of your network security posture.


Periodically evaluate your firewall rules

Following firewall rules best practices, you should periodically evaluate your firewall rules. Identify and consolidate duplicate rules, remove obsolete or unused firewall rules, and perform periodic firewall rule re-certification.
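The rule review described above can be scripted against a rulebase export. The following Python script is an added example, not part of the original page or of any vendor's product: it assumes a rulebase with first-match semantics, expressed as a list of `Rule` records with CIDR source/destination, protocol, port, a hit counter and a last-match date (field names and the sample ruleset are constructed for this example). It flags exact duplicates, rules shadowed by a broader earlier rule (including the riskier case where the shadowing rule has the opposite action), and rules that have never matched or have been idle longer than a re-certification window.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Rule:
    """One firewall rule; the rulebase is evaluated top-down, first match wins (assumed)."""
    name: str
    action: str               # "allow" or "deny"
    src: str                  # source network in CIDR form
    dst: str                  # destination network in CIDR form
    proto: str                # "tcp", "udp" or "any"
    port: Optional[int]       # destination port, None = any port
    hits: int                 # match counter as exported from the device
    last_hit: Optional[date]  # date of the most recent match, None = never matched


def match_key(r: Rule) -> Tuple[str, str, str, str, Optional[int]]:
    """Everything that defines what a rule matches and what it does."""
    return (r.action, r.src, r.dst, r.proto, r.port)


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a (a is at least as broad)."""
    if a.proto != "any" and a.proto != b.proto:
        return False
    if a.port is not None and a.port != b.port:
        return False
    return (ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst)))


def find_duplicates(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Exact duplicates: (duplicate rule, rule it repeats). Candidates for consolidation."""
    seen: Dict[tuple, str] = {}
    dups = []
    for r in rules:
        key = match_key(r)
        if key in seen:
            dups.append((r.name, seen[key]))
        else:
            seen[key] = r.name
    return dups


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str, bool]]:
    """Rules that can never fire because an earlier rule already matches all their traffic.

    Returns (shadowed rule, shadowing rule, actions_differ). actions_differ=True means the
    intended allow/deny decision is silently overridden, which is worth a closer look.
    """
    out = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                out.append((later.name, earlier.name, earlier.action != later.action))
                break  # the first shadowing rule is enough to explain why it never fires
    return out


def find_unused(rules: List[Rule], today: date, max_idle_days: int = 90) -> List[Tuple[str, str]]:
    """Rules that never matched, or have been idle longer than the re-certification window."""
    out = []
    for r in rules:
        if r.hits == 0 or r.last_hit is None:
            out.append((r.name, "never matched"))
        elif (today - r.last_hit).days > max_idle_days:
            out.append((r.name, f"idle for {(today - r.last_hit).days} days"))
    return out


def review(rules: List[Rule], today: date) -> Dict[str, list]:
    """Bundle the three checks into one report for the periodic rule review."""
    return {
        "duplicates": find_duplicates(rules),
        "shadowed": find_shadowed(rules),
        "unused": find_unused(rules, today),
    }


# Constructed sample rulebase; addresses, names and counters are invented for this example.
TODAY = date(2024, 6, 1)
RULES = [
    Rule("allow-web", "allow", "10.0.0.0/8", "192.168.1.10/32", "tcp", 443, 12000, date(2024, 5, 31)),
    Rule("allow-web-dup", "allow", "10.0.0.0/8", "192.168.1.10/32", "tcp", 443, 0, None),
    Rule("allow-dns", "allow", "10.0.0.0/8", "192.168.1.53/32", "udp", 53, 500, date(2024, 5, 29)),
    Rule("deny-branch-web", "deny", "10.20.0.0/16", "192.168.1.10/32", "tcp", 443, 0, None),
    Rule("allow-legacy-ftp", "allow", "10.0.0.0/8", "192.168.1.21/32", "tcp", 21, 3, date(2023, 4, 27)),
    Rule("deny-all", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", None, 999999, date(2024, 6, 1)),
]

if __name__ == "__main__":
    for section, findings in review(RULES, TODAY).items():
        print(section)
        for finding in findings:
            print("  ", finding)
```

In the sample run, `allow-web-dup` is reported both as a duplicate and as shadowed, `deny-branch-web` is shadowed by the broader `allow-web` with a conflicting action (so the branch block never takes effect), and `allow-legacy-ftp` shows up as idle beyond the 90-day window. A real export will need a small adapter from the device's own format into `Rule`, and the shadowing check deliberately ignores rule attributes the example does not model (zones, schedules, application identifiers), so treat its output as review input rather than an automatic delete list.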