Automate 80% of FISMA network controls
The Federal Information Security Management Act (FISMA) of 2002 requires US federal agencies to implement information security plans to protect sensitive data and support the operations of the agency. The Federal Information Security Modernization Act of 2014 amended FISMA, leading to several modifications to the original law that brought FISMA into line with existing, modern-day information security concerns.
FISMA requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. Federal agencies are now encouraged to utilize more continuous monitoring and to focus on compliance – reduced federal funding or other penalties may result from non-compliance.
The top FISMA requirements include:
- Information System Inventory
- Risk Categorization
- System Security Plan
- Security Controls
- Risk Assessments
- Certification and Accreditation
Whilst FISMA was initially applicable to only US federal agencies, over time, the law has evolved to include state agencies administering federal programs (e.g. Medicare, Medicaid, unemployment insurance, etc.), and has been further expanded into the commercial sector for any private sector company that provides services to the government, supports a federal program or receives federal grant money.
See how Titania Nipper can help you save time and resources when conducting compliance assessments with:
Critical risk remediation prioritization:
- Misconfigurations detected and assessed for:
  - impact to the network if exploited,
  - ease of exploitation, and
  - ease and time to fix
- Device specific remediation advice and command-line fixes
- Daily configuration drift monitoring
Security and compliance assurance:
- Assure compliance for FISMA, HIPAA, NIST, DISA RMF, CDM, CMMC and PCI DSS
- Reduce audit times by up to 80% with evidence of compliance
- Assessor-ready reports of compliance with:
  - 94% of NIST 800-53 network controls
  - 89% of CMMC network practices to evidence SCRM
  - 94% of PCI DSS network device procedures
Continuous misconfiguration detection and response:
- Continuous visibility of misconfigurations and vulnerabilities
- Strategic, real-time prioritization of risk and remediation
- Dashboards and reports of security and compliance posture
- Roadmap to playbook-controlled auto-remediation
Accurately assess FISMA compliance using Nipper
The National Institute of Standards and Technology (NIST) is responsible for maintaining and updating the compliance documents, as directed by FISMA. Taking just minutes to set up and run, Titania Nipper automates the accurate assessment of 33 (80%) of the NIST 800-53 core network controls across 9 control families – 26 of which are Priority 1 controls.
Titania is proven to protect critical infrastructure
Analysing the configurations and interactions of your network infrastructure with the expertise of a skilled penetration tester - Nipper’s unrivalled accuracy typically saves auditors more than 3 hours per audit, per device.