Understanding FISMA compliance is a crucial part of your network security compliance posture.
Your organization needs to be compliant with many global regulations. These regulations include HIPAA, PCI DSS, GDPR, ISO/IEC 27001, NIST, NERC, Sarbanes-Oxley (SOX), and more. In many cases, the same regulations that apply to your on-premises environment also apply to the cloud. However, many regulations also impose controls specific to your cloud environment.
The National Institute of Standards and Technology (NIST) has published Special Publication 800-41 Revision 1: Guidelines on Firewalls and Firewall Policy. Section 4 relates to the importance of firewall policies and sets out best practices for firewall policy management. According to the document (section 4-1):
Before a firewall policy is created, some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and categorize how they must be secured—including which types of traffic can traverse a firewall under what circumstances. This risk analysis should be based on an evaluation of threats; vulnerabilities; countermeasures in place to mitigate vulnerabilities; and the impact if systems or data are compromised. Firewall policy should be documented in the system security plan and maintained and updated frequently as classes of new attacks or vulnerabilities arise, or as the organization’s needs regarding network applications change. The policy should also include specific guidance on how to address changes to the ruleset.
According to Section 4 of Special Publication 800-41 Revision 1: Guidelines on Firewalls and Firewall Policy:
According to NIST (5.2.2), “if multiple firewalls need to have the same rules or a common subset of rules, those rules should be synchronized across the firewalls. This is usually done in a vendor-specific fashion.” Network security policy management solutions such as the AlgoSec Security Management solution enable unified multi-vendor policy management across your entire hybrid network.
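The NIST guidance just quoted calls for a common rule subset to be kept synchronized across firewalls, and the audit question that follows is whether every firewall actually carries that subset. As an added example, not AlgoSec's or NIST's code, here is a vendor-neutral drift check in Python: rules exported from each firewall (the dict keys, the firewall names and the sample rule sets are constructed for this example) are canonicalised and compared against an agreed baseline, reporting the rules each firewall lacks or carries in excess.

```python
from dataclasses import dataclass, astuple
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:  # vendor-neutral 5-tuple; field names are this example's own
    action: str  # "allow" / "deny"
    proto: str   # "tcp", "udp" or "any"
    src: str     # CIDR, canonicalised
    dst: str
    port: str    # "443" or "any"

def normalize(raw: dict) -> Rule:
    """Canonicalise an exported rule dict (constructed keys: action/proto/src/dst/port)."""
    def net(value):
        value = str(value).strip().lower()
        return "0.0.0.0/0" if value == "any" else str(ip_network(value, strict=False))
    return Rule(action=str(raw["action"]).strip().lower(),
                proto=str(raw["proto"]).strip().lower(),
                src=net(raw["src"]), dst=net(raw["dst"]),
                port=str(raw["port"]).strip().lower())

def audit_sync(baseline, firewalls):
    """Per firewall: baseline rules it lacks and rules beyond the baseline (as 5-tuples)."""
    want = {normalize(r) for r in baseline}
    report = {}
    for name, rules in firewalls.items():
        have = {normalize(r) for r in rules}
        report[name] = {"missing": sorted(astuple(r) for r in want - have),
                        "extra": sorted(astuple(r) for r in have - want)}
    return report

def out_of_sync(report):
    """Names of firewalls whose rule set drifted from the baseline."""
    return sorted(n for n, d in report.items() if d["missing"] or d["extra"])

# Constructed sample data: the agreed common rule set and two firewall exports.
BASELINE = [
    {"action": "allow", "proto": "tcp", "src": "10.0.0.0/8", "dst": "10.1.2.3/32", "port": "443"},
    {"action": "deny", "proto": "any", "src": "any", "dst": "any", "port": "any"},
]
FIREWALLS = {
    "dc-edge-1": [  # same policy, different vendor spelling: should be in sync
        {"action": "ALLOW", "proto": "TCP", "src": "10.0.0.0/8", "dst": "10.1.2.3", "port": 443},
        {"action": "Deny", "proto": "any", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
    ],
    "aws-vpc-1": [  # allow rule widened to any source: drift that also broadens exposure
        {"action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "dst": "10.1.2.3/32", "port": "443"},
        {"action": "deny", "proto": "any", "src": "any", "dst": "any", "port": "any"},
    ],
}
```

Running `audit_sync(BASELINE, FIREWALLS)` flags only `aws-vpc-1`, whose widened allow rule shows up as one missing baseline rule and one extra rule, which is the kind of finding a periodic firewall audit should surface.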
AlgoSec automatically generates pre-populated, audit-ready compliance reports for leading industry regulations, including SOX, BASEL II, GLBA, PCI DSS, ISO 27001, FISMA, and NIST controls for FedRAMP — which helps reduce audit preparation efforts and costs. AlgoSec also uncovers gaps in the compliance posture and proactively checks every change for compliance violations. AlgoSec also provides daily audit and compliance reporting across the entire heterogeneous network estate. The AlgoSec appliance also uses Federal Information Processing Standard (FIPS) Publication 140 certified cryptographic modules to support FIPS 140-2 compliant devices and enable seamless deployment in FIPS 140-2 compliant organizations.
It is critical to periodically audit your network security controls. Network security audits help to identify weaknesses in your network security posture so you know where your security policies need to be adapted. Firewall audits also demonstrate that you have been doing your due diligence in reviewing security controls and policy controls.
Your network firewalls are a critical part of FISMA and other regulatory requirements. Ensuring that your network firewalls comply with critical regulations is a core part of your network security posture.