TRENDING:

Real-Time FISMA Compliance Monitoring

Tenable Network Security, Inc. • January 1, 2010  
Real-Time FISMA Compliance Monitoring The E-Government Act, passed into law in December 2002, recognized that information security is essential to protect the nation's economic and national security interests. Title III of the E-Government Act, the Federal Information Security Management Act (FISMA), requires United States government agencies to develop, document and implement programs to protect the confidentiality, integrity and availability of IT systems.

At the core of FISMA are NIST special publications 800-53 and 800-92. These publications identify how government agencies will make use of security controls to ensure the confidentiality, integrity and availability of their IT computing resources. FISMA is categorized into different control names, such as AC-7 Unsuccessful Login Attempts or SI-3 Malicious Code Protection. A majority of the FISMA requirements can be monitored or audited by leveraging Tenable's Unified Security Monitoring solution, often in multiple ways.

As an example, requirement AC-7 Unsuccessful Login Attempts can be monitored both with Nessus and Tenable's Log Correlation Engine (LCE). Nessus configuration audit policies can ensure that systems are correctly logging unsuccessful login attempts. The LCE can also be used to log all successful logins, login failures and generate appropriate alerts. LCE login failures are normalized across all applications and network devices, not just operating systems.

Tenable has written a short white paper that shows the many different ways our logging, scanning and network monitoring technologies can be leveraged to monitor government networks for FISMA compliance.

Previous
Five Ways to Reduce Your IT Audit Tax
Next
Clearance Application Data Protection



Around the Network

Securing OT and IoT Assets in an Interconnected World
Securing OT and IoT Assets in an Interconnected World
Integrating Generative AI Into the Threat Detection Process
Integrating Generative AI Into the Threat Detection Process
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
Why Cyber Defenders Need Partnerships, Tools and Education
Why Cyber Defenders Need Partnerships, Tools and Education
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools
How to Simplify Data Protection within your Organization
How to Simplify Data Protection within your Organization
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Are We Facing a Massive Cybersecurity Threat?
Are We Facing a Massive Cybersecurity Threat?
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.