Implementing Information Security for US Federal Agencies
All Federal Agencies Must Meet FISMA Security Mandate
The Federal Information Security Management Act of 2002 (FISMA) is a seminal law for information security in the United States. It requires US federal agencies to develop, document, and implement an approved information security strategy to protect agency systems and data.
NIST-Developed Security Controls Underpin FISMA
One consequence of FISMA is that NIST (the National Institute of Standards and Technology) developed information security standards and guidelines for federal agencies to follow. Another consequence is that many organizations beyond the federal government have chosen to implement these NIST Special Publication 800-53 security controls as part of their own security strategy.
Examples of Addressed FISMA Compliance Requirements
Cygna Auditor addresses many of the controls specified in NIST Special Publication 800-53 revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations". Note that the list below is not exhaustive, but only a sample of requirements that Cygna Auditor can address.
Access Control: AC-1, AC-2, AC-3, AC-5, AC-6, AC-7, AC-9, AC-11, AC-12, AC-14, AC-17, AC-21, AC-22, AC-23
Security Assessment and Authorization: CA-2, CA-7, CA-8
Contingency Planning: CP-4, CP-6, CP-7, CP-10, CP-12
Incident Response: IR-4, IR-5, IR-6, IR-9
Media Protection: MP-2, MP-7
Audit and Accountability: AU-1, AU-2, AU-3, AU-4, AU-5, AU-6, AU-7, AU-8, AU-9, AU-10, AU-11, AU-12
Configuration Management: CM-2, CM-3, CM-4, CM-5, CM-6, CM-7, CM-9, CM-10, CM-11
Identification and Authentication: IA-2, IA-4, IA-5, IA-6, IA-8
Maintenance: MA-2, MA-4
System and Information Integrity: SI-4, SI-5, SI-6, SI-7, SI-12
Monitor Activity on Secured Systems
Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.
Real-Time Notification of Sensitive Changes
Cygna Auditor's built-in and custom alerting notifies you of critical changes such as membership changes to privileged groups.
Privileged Account Management
Cygna Auditor allows you to monitor all changes made by privileged accounts to ensure they adhere to regulatory and organizational policies for the protection and privacy of data as well as that they do not abuse their unrestricted access.