If you're one of these agencies that's still struggling to achieve FISMA compliance, maybe it's time to jumpstart your risk management program.
Start by asking the following questions:
- How do we protect our security boundaries and access points?
- Which assets are at risk?
- What should we include in our security incident procedures?
- What are the expectations of real-time vulnerability alerts?
- What is the importance of conducting periodic testing and evaluation?
- Are your business line managers accountable for maintaining the security of their personnel, systems, facilities, and information?
If any of these leave you wondering, a new white paper, Closing the Control Gaps: Eight Elements of an Effective Plan for FISMA Compliance, can help you answer these and other important questions. This important paper from netForensics focuses on eight security practices that are essential to a successful compliance and cyber defense strategy. It discusses how you can leverage your existing technology and tools to identify, assess, and report on security-related issues, information, and events. The paper also offers insight into how you can ultimately provide tangible evidence of your efforts so you can meet FISMA compliance.