FISMA

The Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, outlines requirements for securing Federal information. It requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

What an organization does to maintain good security operations is one thing, and many departments have the talent to be secure. But FISMA compliance demands an enormous amount of work from IT and security teams to meet this additional set of challenges, and it is forcing managers to focus on compliance to avoid penalties.

The Office of Management and Budget (OMB), through Circular A-130, Appendix III, Security of Federal Automated Information Resources, requires executive agencies within the federal government to:

Plan for security;
Ensure that appropriate officials are assigned security responsibility;
Periodically review the security controls in their information systems; and
Authorize system processing prior to operations and, periodically, thereafter.

FISMA regulations establish policy guidelines and reporting instructions to ensure that all federal departments and agencies take a "risk-based, cost-effective approach to secure their information and systems, identify and resolve current IT security weaknesses and risks, as well as protect against future vulnerabilities and threats."

Most agencies today have some level of defined internal policies for IT security, but many have insufficient mechanisms to measure compliance and enforce those policies. While many security managers are eager to enforce these measures and show the auditors their best practices in vulnerability scanning, patch management, and incident reporting, becoming FISMA compliant can be challenging and frustrating as auditors are concentrating more and more on paperwork. AMZNET can help your agency enforce these security policies and processes to strengthen the foundation for both a secure internal network and external regulatory compliance.
 


Copyright 2021 AMZNET LLC. All rights reserved