Federal Information Security Management Act (FISMA)

Regulation Summary
The Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, sets out requirements for securing Federal information. Each Federal agency, including contractors and other organizations that work with the agency, must develop, document, and implement an agency-wide information security program. The National Institute of Standards and Technology (NIST) provides detailed guidance and recommendations for FISMA compliance, and its guidelines cover all aspects of information security.

FISMA sections 3544 and 3505 require the following:

  • Compliance for every IT system – Requires identification of all systems in use that access Federal information, and validation of their compliance. To help agencies achieve this, NIST has released a series of guidelines, checklists, and templates that detail acceptable configurations for systems.
  • Risk Assessment – The agency must have an agency-wide information security program that includes controls and checks to ensure effectiveness, including reporting on existing risks and responses.
  • Incident response – The NIST controls document outlines specific steps to follow and functions to perform depending on the level of threat posed by the environment.
  • Intrusion detection – Requires reporting on cyber security, risks and responses.
  • Boundary protection – Systems and applications should be protected from unauthorized access, both from outside the agency and its contractors, and from within.
  • Compliance Reporting – Requires detailed reporting on FISMA compliance status.

Improving Compliance Using Sourcefire

Sourcefire 3D helps agencies improve their FISMA compliance. Sourcefire's patent-pending combination of threat and network discovery, behavioral profiling, and integrated vulnerability management ensures your agency can effectively and easily implement the security best practices recommended by NIST.

Sourcefire® provides the most effective way to establish, enforce, monitor and manage the security policies you need to ensure compliance and protect your agency's Federal information assets.

Sourcefire Addresses FISMA Requirements

As the Enterprise Threat Management (ETM) system for your agency, Sourcefire provides the following capabilities critical to comprehensive network security and FISMA compliance:

NIST 800-53 Requirement / The Sourcefire 3D Approach

CA-7 Continuous Monitoring
  Sourcefire 3D delivers continuous monitoring for security events, anomalous behavior, configuration changes and policy violations, and vulnerability exposure.

IR-5 Incident Monitoring
  Security events are marked with impact flags based on the asset profile and vulnerability information, to speed analysis and allow analysts to focus on critical events.

RA-3 Risk Assessment
RA-5 Vulnerability Scanning
  3D creates a real-time profile of the OS, applications, services, ports, etc. on every host and maps that against a database of 12,000+ known vulnerabilities. Configuration changes result in a continuously updated risk assessment against known vulnerabilities.

SI-3 Intrusion Detection Tools and Techniques
  3D deploys in a systemic fashion to enable real-time threat detection, analysis and automated remediation. 3D exceeds the recommended protection for IDS/IPS documented in NIST 800-53.

CM-1 Configuration Management Policy and Procedures
CM-2 Baseline Configuration
CM-4 Monitoring Configuration Changes
  The 3D System enables users to implement baseline configuration policies for endpoints, subnets and networks. The system automates monitoring and enforcement of configuration policy.