The Federal Information
Security Management Act (FISMA), Title III of the
E-Government Act of 2002, outlines requirements for securing Federal
information. It requires each federal agency to develop, document, and
implement an agency-wide program to provide information security for the
information and information systems that support the operations and
assets of the agency, including those provided or managed by another
agency, contractor, or other source.

What an organization does to maintain good security operations is one
thing, and many departments have the talent to be secure. But FISMA
compliance demands an enormous amount of work from IT and security
teams to meet this additional set of challenges, and it is forcing
managers to focus on compliance to avoid penalties.

The Office of Management and Budget (OMB), through Circular A-130,
Appendix III, Security of Federal Automated Information Resources,
requires executive agencies within the federal government to:
• Plan for security;
• Ensure that appropriate officials are assigned security
responsibility;
• Periodically review the security controls in their information
systems; and
• Authorize system processing prior to operations and, periodically,
thereafter.

FISMA regulations establish policy guidelines and reporting instructions
to ensure that all federal departments and agencies take a "risk-based,
cost-effective approach to secure their information and systems,
identify and resolve current IT security weaknesses and risks, as well
as protect against future vulnerabilities and threats."

Most agencies today have some level of defined internal policies for IT
security, but many have insufficient mechanisms to measure compliance
and enforce those policies. While many security managers are eager to
enforce these measures and show the auditors their best practices in
vulnerability scanning, patch management, and incident reporting,
becoming FISMA compliant can be challenging and frustrating as auditors
are concentrating more and more on paperwork. AMZNET can help your
agency enforce these security policies and processes to strengthen
the foundation for both a secure internal network and external
regulatory compliance.