Real-Time FISMA Compliance Monitoring

The E-Government Act, passed into law in December 2002, recognized that information security is essential to protecting the nation's economic and national security interests. Title III of the E-Government Act, the Federal Information Security Management Act (FISMA), requires United States government agencies to develop, document and implement programs to protect the confidentiality, integrity and availability of their IT systems.

At the core of FISMA are NIST Special Publications 800-53 and 800-92. These publications describe how government agencies are to apply security controls to ensure the confidentiality, integrity and availability of their IT computing resources. The controls are organized under identifiers and names such as AC-7 Unsuccessful Login Attempts or SI-3 Malicious Code Protection. A majority of the FISMA requirements can be monitored or audited with Tenable's Unified Security Monitoring solution, often in more than one way.

As an example, requirement AC-7 Unsuccessful Login Attempts can be monitored with both Nessus and Tenable's Log Correlation Engine (LCE). Nessus configuration audit policies can verify that systems are correctly logging unsuccessful login attempts. The LCE can also be used to log all successful logins and login failures and to generate appropriate alerts. LCE normalizes login failures across all applications and network devices, not just operating systems.
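To make the AC-7 monitoring described above concrete, here is an added example (not Tenable or LCE code) that normalizes failed-login events from two different sources into one record format and flags accounts that exceed a failure threshold within a time window. The log line formats, the threshold of 3 failures and the 15-minute window are assumptions for illustration; AC-7 leaves both values organization-defined.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: Linux sshd lines and Windows Security events
# (ID 4625, failed logon), collapsed to single lines for the example.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 host1 sshd[2201]: Failed password for alice from 10.0.0.5 port 51022 ssh2",
    "2024-03-01T10:00:04 host1 sshd[2201]: Failed password for alice from 10.0.0.5 port 51023 ssh2",
    "2024-03-01T10:00:09 host1 sshd[2201]: Failed password for alice from 10.0.0.5 port 51024 ssh2",
    "2024-03-01T10:00:30 host1 sshd[2203]: Accepted password for alice from 10.0.0.5 port 51025 ssh2",
    "2024-03-01T10:01:00 winsrv Security EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
    "2024-03-01T10:20:00 winsrv Security EventID=4625 TargetUserName=bob IpAddress=10.0.0.9",
]

# Assumed line layouts; a real collector would carry one parser per source.
SSHD_FAIL = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
WIN_FAIL = re.compile(r"^(\S+) (\S+) Security EventID=4625 TargetUserName=(\S+) IpAddress=(\S+)")

def normalize(line):
    """Map a raw line from either source to one common login-failure record."""
    for pattern, source in ((SSHD_FAIL, "sshd"), (WIN_FAIL, "windows")):
        m = pattern.match(line)
        if m:
            ts, host, user, src_ip = m.groups()
            return {"time": datetime.fromisoformat(ts), "host": host,
                    "user": user, "src_ip": src_ip, "source": source}
    return None  # successful logins and unrelated lines yield no failure record

def ac7_violations(lines, max_failures=3, window=timedelta(minutes=15)):
    """Return sorted (user, host) pairs that reach max_failures within a sliding
    window. Threshold and window are assumed example values."""
    recent = defaultdict(list)
    flagged = set()
    for event in filter(None, map(normalize, lines)):
        key = (event["user"], event["host"])
        # keep only failures still inside the window, then add this one
        times = [t for t in recent[key] if event["time"] - t < window]
        times.append(event["time"])
        recent[key] = times
        if len(times) >= max_failures:
            flagged.add(key)
    return sorted(flagged)
```

Run against the constructed sample, only alice on host1 is flagged: bob's two failures are 19 minutes apart, so they never fall inside the same window.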

Tenable has written a short white paper that shows the many different ways our logging, scanning and network monitoring technologies can be leveraged to monitor government networks for FISMA compliance.
