Automate 80% of FISMA network controls

The Federal Information Security Management Act (FISMA) of 2002 requires US federal agencies to implement information security plans to protect sensitive data and support the operations of the agency. The Federal Information Security Modernization Act of 2014 amended FISMA, leading to several modifications to the original law that brought FISMA into line with existing, modern-day information security concerns.

FISMA requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. Federal agencies are now encouraged to utilize more continuous monitoring and to focus on compliance – reduced federal funding or other penalties may result from non-compliance.

The top FISMA requirements include:

  • Information System Inventory
  • Risk Categorization
  • System Security Plan
  • Security Controls
  • Risk Assessments
  • Certification and Accreditation

Whilst FISMA was initially applicable to only US federal agencies, over time, the law has evolved to include state agencies administering federal programs (e.g. Medicare, Medicaid, unemployment insurance, etc.), and has been further expanded into the commercial sector for any private sector company that provides services to the government, supports a federal program or receives federal grant money.

See how Titania Nipper can help you save time and resources when conducting compliance assessments with:

Critical risk remediation prioritization:

  • Misconfigurations detected and assessed for
    • impact to the network if exploited,
    • ease of exploitation, and
    • ease and time to fix
  • Device specific remediation advice and command-line fixes
  • Daily configuration drift monitoring

Security and compliance assurance:

  • Assure compliance for FISMA, HIPAA, NIST, DISA RMF, CDM, CMMC and PCI DSS
  • Reduce audit times by up to 80% with evidence of compliance
  • Assessor-ready reports of compliance with:
    • 94% of NIST 800-53 network controls
    • 89% of CMMC network practices to evidence SCRM
    • 94% of PCI DSS network device procedures
    • STIGs

Continuous misconfiguration detection and response:

  • Continuous visibility of misconfigurations and vulnerabilities
  • Strategic, real-time prioritization of risk and remediation
  • Dashboards and reports of security and compliance posture
  • Roadmap to playbook-controlled auto-remediation

Accurately assess FISMA compliance using Nipper

The National Institute of Standards and Technology (NIST) is responsible for maintaining and updating the compliance documents, as directed by FISMA. Taking just minutes to set up and run, Titania Nipper automates the accurate assessment of 33 (80%) of the NIST 800-53 core network controls across 9 control families – 26 of which are Priority 1 controls.

Titania is proven to protect critical infrastructure

Related Resources

NIST 800-53 Mapping Document

Accurately automate the assessment of 94% of NIST 800-53 core network controls

NIST SP 800-53 Compliance Explained - How to be compliant

This guide explores NIST SP 800-53, its controls and requirements, and tips to help organizations achieve and maintain compliance.

Titania Nipper Datasheet - Military & Federal

Nipper analyses the configurations and interactions of your network infrastructure with the expertise of a skilled penetration tester. Its unrivalled accuracy typically saves auditors more than 3 hours per audit, per device.

Titania Nipper NIST 800-171 Datasheet

Nipper’s NIST 800-171 Module automates the accurate assessment of 21 (60%) NIST 800-171 requirements for core network devices across 6 control families.
