Using FISMA To Build Your Security Initiative

[The following is excerpted from "FISMA Lifts All Compliance Boats," a new report published this week in Dark Reading's Compliance Tech Center.]

FISMA, or the Federal Information Security Management Act, is both easier and more difficult to comply with than many other security mandates because of its level of exacting specificity.

FISMA, a U.S. federal law enacted in 2002, mandates a baseline of computer and network security within the federal government and affiliated parties. The National Institute of Standards and Technology (NIST) has developed the standards and guidelines agencies must follow to implement FISMA. The core tenets of FISMA are included in a few documents put forward by NIST.

NIST breaks down each of the 17 core security control classes into a neatly organized spreadsheet that contains many subcontrols. For example, Account Management is just one of the 22 subcontrols in the Access Control class.

While FISMA goes into very granular detail about what is required for compliance, there are some broader categories of tools, technologies, and strategies that security professionals should be considering when evaluating their FISMA compliance and/or readiness for compliance. Vulnerability scanning, perimeter defense, guest access, malware defense, and log management are just some of the functions outlined by the compliance requirements.

To find out more about FISMA's requirements -- and how they might match up with your goals and directions in enterprise security -- download the full report on FISMA and security.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.