In 2002, the National Institute of Standards & Technology (NIST) was tasked with developing standards and guidelines to support the requirements set out in Federal Information Security Management Act of 2002 (FISMA).
FISMA created a requirement for all Federal agencies to have a functioning information security program for all assets, other than those designated as National Security Systems.
Although NIST has produced numerous Special Publications and other forms of guidance, NIST Special Publication 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations) is key to any Federal program as it provides a catalogue of required controls designed to protect and mitigate against today’s rapidly evolving threat landscape.
Federal government agencies are constantly under immense pressure to improve cybersecurity through an increased focus on various risk management initiatives. In an effort to better support these agencies, Tripwire has released an expanded platform and policy support for NIST 800-53 Revision 4, as well as expanded coverage of DISA STIGs in Tripwire Enterprise – a solution used to protect many of the largest, most sensitive government networks worldwide.
Tripwire Enterprise solutions combine the power of configuration management, change and threat detection, and file integrity monitoring, to deliver continuous compliance and automated audit evidence collection with exacting precision, intelligence business context and remediation insight.
As a pioneering vendor to complete SCAP 1.2 validation under NISTs National Voluntary Laboratory Program (NVLAP) and FIPS 140-2 compliant since 2010, Tripwire is continuously devoted to the support for federal government standards.
“Tripwire has been a strong supporter of government security standards for more than 15 years,” said John Klein, director of federal sales for Tripwire. “We’re committed to delivering continuous diagnostics and mitigation solutions that help government agencies and contractors become both compliant and more secure.”
By releasing policies and rules for Tripwire Enterprise, Tripwire has addressed a number of different requirements laid out in FISMA generally and NIST sp800-53 specifically, including:
- Automation of the implementation and management of security controls
- A continuous monitoring capability
- Ease of reporting in support of annual reviews
- Specific support of Configuration Management family of controls, System Integrity requirements and Information System monitoring
“Tripwire continues to invest heavily in policies that support our government partners,” said Dwayne Melancon, chief technology officer for Tripwire. “With over 400 policies and platforms supported, Tripwire currently offers the broadest coverage in the industry, and we focus significant resources on optimizing coverage specifically for government organizations.
Read More Here…