What is FISMA?
The Federal Information Security Management Act of 2002 (commonly abbreviated to FISMA) is another name for Title III of the U.S. E-Government Act (public law 107-347). FISMA defines a framework for ensuring the effectiveness of security controls over information and information systems that support federal operations. FISMA compliance is mandatory for federal agencies, their contractors and other organizations working on behalf of federal agencies.
FISMA 2014 reform
The Federal Information Security Modernization Act of 2014, which is also known by the abbreviation FISMA, is the name of the U.S. public law 113–283. Enacted in 2014, this new legislation updates and modernizes the original FISMA law to address current security concerns. It puts special emphasis on continuous compliance, monitoring and mitigation, periodic risk assessment and evaluation of controls.
Capabilities of Netwrix Auditor
Protect federal information and simplify your next FISMA audit with Netwrix Auditor
To adequately protect federal information and satisfy FISMA reporting demands, agencies need to establish and validate an appropriate set of security controls and continuously monitor the observation of security principles and policies. Netwrix Auditor helps the federal government and private contractors implement the information security provisions of FISMA to mitigate known or suspected cyber threats and ensure the confidentiality, integrity and availability of protected information.
Protect high-value federal information with actionable audit records
Detect and report on all IT changes affecting the rules that govern access control; monitor and control access permissions; and stay current on all unauthorized attempts to access sensitive information.
Pass external audits using out-of-the-box FISMA compliance reports
Use out-of-the-box compliance reports to demonstrate that specific security processes and procedures are in place and effectively managed.
Use Interactive Search to answer questions from FISMA auditors
If predefined reports do not deliver enough event-specific details and context, use Interactive Search to investigate the event from different angles and satisfy your assessors.
Reconstruct events with reliable, system-wide audit trails
Preserve details of important IT events in a two-tiered storage system that enables complete, organization-wide audit trails and ensures audit records are reliably tied to their specific time stamps.