Federal Information Security Management Act (FISMA)
In 2002 the Federal Information Security Management Act (FISMA) was signed into law. The primary purpose of FISMA is to provide a comprehensive framework to ensure effective information security controls are in place for all federal agencies and affiliates. FISMA replaced the Government Information Security Reform Act (GISRA) and the Computer Security Act of 1987 with permanent mandates that strengthen computer and network security.
Key facts and data security requirements you should know
- FISMA imposes a mandatory set of processes that encompass Federal Information Processing Standards (FIPS) documents, special publications SP-800 series issued by the National Institute of Standards and Technology (NIST), and other legislation such as HIPAA that is pertinent to federal information systems
- These processes must be followed by US Government federal agencies or by contractors or other organizations on behalf of a US Government agency
- To comply with FISMA, organizations must:
  - Complete periodic risk assessments and regularly test the effectiveness of the security policies, procedures, and practices in place
  - Develop security policies and procedures
  - Take specific actions to mitigate or reduce risks
  - Establish a pre-determined process for remediation of security deficiencies as they are discovered
  - Participate in yearly audits and provide a process for reporting security incidents
Proven data loss prevention for FISMA
Vontu solutions enable a government agency to demonstrate controls for FISMA risk reduction
A large government agency needed measurable ways to demonstrate FISMA compliance. Complicating this task were thousands of far-flung offices, and the fact that it was also undergoing an initiative to consolidate its hundreds of data centers to fewer than a dozen. The agency conducted a Vontu Federal Risk Assessment based on NIST data security standards to identify sensitive information and measure the level of risk in four key areas: on laptops; on open file shares and servers; exiting the network via e-mail, instant messaging, or other Internet protocols; and being downloaded to endpoints such as local drives, USB drives, CDs/DVDs, iPods, or other removable media. Vontu Network Monitor provides the network coverage and accuracy, on a scale no other Data Loss Prevention solution matches, and can demonstrate compliance, measure risk, and show risk reduction over time.
How Vontu solutions demonstrate compliance with FISMA
Vontu solutions provide comprehensive FISMA data loss prevention for any government organization or affiliate that needs to reduce the risk of compromising the sensitivity, integrity, or availability of sensitive data. Advantages include:
- Pre-defined OMB 6-16 and FIPS 199 policy templates to detect information classified as sensitive according to the guidelines established in NIST FIPS Publication 199
- Discover and protect sensitive data exposed on file servers, databases, Microsoft SharePoint®, Lotus Notes®, Documentum®, LiveLink®, web servers, Microsoft Exchange®, and other data repositories
- Monitor and prevent data loss on the network including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP
- Discover sensitive data stored on the endpoint, such as desktops and laptops, and prevent this data from being inappropriately used, sent out, or copied to storage devices such as USB drives, CD/DVDs, or iPods
- Comprehensive audit support to address annual audits through pre-built compliance reports and role-based dashboards
- Role-Based Access Control enables specific agencies and departments to review and remediate only those FISMA incidents relevant to their role and privileges