Automate 94% of FISMA network controls
The Federal Information Security Management Act (FISMA) of 2002 requires US federal agencies to implement information security plans to protect sensitive data and support the operations of the agency. The Federal Information Security Modernization Act of 2014 amended FISMA, leading to several modifications to the original law that brought FISMA into line with existing, modern-day information security concerns.
FISMA requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. Federal agencies are now encouraged to utilize more continuous monitoring and to focus on compliance; reduced federal funding or other penalties may result from non-compliance.
The top FISMA requirements include:
- Information System Inventory
- Risk Categorization
- System Security Plan
- Security Controls
- Risk Assessments
- Certification and Accreditation
Whilst FISMA was initially applicable to only US federal agencies, over time, the law has evolved to include state agencies administering federal programs (e.g. Medicare, Medicaid, unemployment insurance, etc.), and has been further expanded into the commercial sector for any private sector company that provides services to the government, supports a federal program or receives federal grant money.
Accurately assess FISMA compliance using Nipper
The National Institute of Standards and Technology (NIST) is responsible for maintaining and updating the compliance documents, as directed by FISMA. Taking just minutes to set up and run, Titania Nipper automates the accurate assessment of 34 (94%) of the NIST 800-53 network controls across 10 control families.
See how Titania Nipper can help you save time and resources when conducting compliance assessments
Flexible, easy-to-read reports and SIEM dashboards, supported by detailed diagnosis and remediation recommendations, help reduce Mean Time to Detection (MTTD) and Mean Time to Remediation (MTTR).