
Discover how to achieve and maintain FISMA compliance to ensure security of systems and data.
Agencies and organizations in scope for FISMA compliance face a dual responsibility. The first is to meet FISMA requirements by identifying and resolving risks and performing ongoing assessment and testing. The second is to protect critical information security assets. In fact, the loss of privacy of employee and citizen data due to a security breach, and not knowing who is accessing systems and in what manner, are the top worries that keep federal managers up at night.
Since the release of the FISMA standards, NIST has begun to promote an Information Security Automation Program (ISAP) to enable automation and standardization of technical security operations, which falls mainly into IT's lap. In fact, it is within IT that Tripwire can provide the means to automate continuous testing and reporting of critical IT process controls, reduce manual processes, and continually provide a detailed audit and forensic trail that meets FISMA requirements.
"Organizations should use compliance as an opportunity to implement technologies and processes that improve operational security as well as provide support for FISMA...compliance." 1
Automating FISMA Compliance with Tripwire Solutions
Tripwire offers FISMA configuration assessment policies based on the NIST framework to assess all configuration settings across the data center and determine the degree of risk for security and compliance vulnerabilities. Tripwire's automated reporting consolidates and documents all changes in a single verifiable audit trail to offer proof of accountability, independently verifying IT infrastructure and process integrity.
| FISMA Challenges: | How Tripwire Helps: |
| --- | --- |
| Tedious reporting process: various methods are used to collect the required security data; there is no streamlined way to integrate all of the data coming in from various sources and methods; preparation is time consuming and expensive. | Reduce Time and Resources: Tripwire provides you the proof required to verify compliance with a single, verifiable audit trail. With Tripwire, you receive sophisticated, automated reporting required to complete audits. Tripwire also helps reduce the resources required to prepare for audits. |
| Making a passing grade doesn't ensure you have secure IT systems: FISMA requires a process for assessing, testing and managing IT security, not securing IT systems. | Mitigate Security Risks: Tripwire Enterprise monitors and reports on every change made across the data center regardless of source, detecting unauthorized change and non-conforming configurations to proactively discover and manage security and compliance exposure. |
| Minimal automated, continuous testing and reporting of critical IT process controls: IT process testing often is a manual process. | Maintain Continuous Compliance: Tripwire exposes unauthorized changes through reconciliation with expected changes and allows IT staff to immediately identify any exceptions and trigger remediation of configurations that do not conform to policy. |
1 Gartner, Inc., "Findings From 'Security and Risk' Meeting: Augment FISMA Reporting with Technical Controls to Improve Operational Security," Amrit T. Williams, John Pescatore, April 4, 2006