Tripwire FISMA Compliance - Achieve & Maintain Compliance with Federal Standards

This NIST guide describes a security control framework that is required for all non-federal entities that store and hold federal Controlled Unclassified Information (CUI) data. This includes contractors, system integrators, state and local governments and schools. Tripwire products can be used today to meet many of the NIST 800-171 core requirements. 

FISMA compliance requires using a risk-based approach to systems security management. The Risk Management Framework (RMF) is a practice that adjusts security controls based on risk factors. The process involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security.

RMF provides the outline for the security accreditation process and Authority to Operate (ATO) of government systems. RMF guidance comes from a number of sources including NIST 800-37 and the DODI 8510.01. Tripwire’s support of the RMF comes from its ability to provide fundamental controls and comprehensive context to assess the risks outlined in RMF.

Tripwire provides configuration hardening guidelines, policy assessment and remediation assistance on many standard policies and frameworks useful to the Federal Government. See the complete list of policies and platforms supported.

Tripwire maintains the following product validations and certifications:

• SCAP validation
• Common Criteria certified
• Section 508 VPAT
• FIPS 140-2 certified