The Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002, outlines requirements to secure federal information.
Each federal agency, including contractors or other organizations who work with the agency, must develop, document, and implement an agency-wide information security program. The National Institute of Standards and Technology (NIST) provides detailed guidance and recommendations for FISMA compliance. NIST guidelines encompass all aspects of information security. FISMA sections 3544 and 3505 require the following:
- Compliance for every IT system – Requires identifying all systems that are in use and that access federal information, and validating their compliance. To help agencies achieve this, NIST has released a series of guidelines, checklists, and templates that detail acceptable configurations for systems.
- Risk assessment – The agency must have an agency-wide information security program that includes controls and checks to ensure effectiveness, including reporting on existing risks and responses.
- Incident response – The NIST Controls document outlines specific steps to follow and functions to perform depending on the level of threat posed by the environment.
- Intrusion detection – Requires reporting on cybersecurity, risks, and responses.
- Boundary protection – Systems and applications should be protected from unauthorized access, both from outside the agency and its contractors, and from within.
- Compliance reporting – Requires detailed reporting on FISMA compliance status.
Improving compliance
Using Axxera SIEM helps agencies improve their FISMA compliance. Axxera SIEM integrates with third-party tools such as vulnerability management, which ensures your agency can effectively and easily implement the security best practices recommended by NIST.
Axxera provides the most effective way to establish, enforce, monitor, and manage the security policies you need to ensure compliance and protect your agency's federal information assets.
Axxera Addresses FISMA Requirements
Axxera CI provides the following capabilities critical to comprehensive security and FISMA compliance:
|NIST 800-53 Requirement||The Axxera CI Solution|
|CA-7 Continuous Monitoring||Axxera CI delivers continuous monitoring for security events, anomalous behavior, configuration changes and policy violations, and vulnerability exposure. Axxera CI SIEM integrates with over 250 third-party security tools.|
|IR-5 Incident Monitoring||Security events are marked with Impact Flags based on the asset profile and vulnerability information to speed analysis and allow analysts to focus on critical events.|
|RA-3 Risk Assessment||Axxera CI Portal creates a real-time profile of the OS, applications, and databases. Configuration changes result in a continuously updated risk assessment vs. known vulnerabilities.|
|RA-5 Vulnerability Scanning SI-3 Intrusion Detection Tools and Techniques||Axxera CI creates a real-time profile of the OS, applications, services, databases of known vulnerabilities.|
|SI-3 Intrusion Detection Tools and Techniques||Axxera CI SIEM exceeds the recommended protection with its own proprietary tools for IDS/IPS documented in NIST 800-53.|
|CM-1 Configuration Management Policy and Procedures||Axxera CI SIEM integrates with third-party tools through over 250 sensors built to integrate and generate automated tickets via its ticketing system and display them on the CI Portal. The system automates monitoring and enforcement of configuration policy.|
|CM-4 Monitoring Configuration Changes||The 3D System enables users to implement baseline configuration policies for all security products it integrates with. The system automates monitoring and enforcement of configuration policy via its ticketing system and portal.|