Meet FISMA Compliance Requirements

Implementing Information Security for US Federal Agencies

All Federal Agencies Must Meet FISMA Security Mandate

The Federal Information Security Management Act of 2002 (FISMA) is a seminal law for information security in the United States. It requires US federal agencies to develop, document, and implement an approved information security strategy to protect agency systems and data.

NIST-Developed Security Controls Underpin FISMA

One consequence of FISMA is that NIST (the National Institute of Standards and Technology) developed information security standards and guidelines for federal agencies to follow. Another consequence is that many organizations beyond the federal government have chosen to implement these NIST Special Publication 800-53 security controls as part of their own security strategy.

Monitor Activity on Secured Systems

Cygna Auditor monitors all successful and failed data activity, such as file or folder creation, access, updates, and deletions, including who made the changes and when they were made.

Real-Time Notification of Unusual Activity

Cygna Auditor's built-in and custom alerting notifies you of unusual activity on secured systems, such as scripted permission changes or mass file updates typical of ransomware.

Monitor Relevant Group Membership

Keep access to secured systems data to a minimum with Cygna Auditor's group reports that show membership of system users and administrators.

Monitor Secured System Permissions

Keeping group membership current is only a partial solution; you must also ensure that permissions on secured systems stay correct. Cygna Auditor's permissions reports let you confirm that the system's configuration remains what it needs to be.

Examples of Addressed FISMA Compliance Requirements

Cygna Auditor addresses many of the controls specified in NIST Special Publication 800-53 revision 4, "Security and Privacy Controls for Federal Information Systems and Organizations". Note that the list below is not exhaustive, but only a sample of requirements that Cygna Auditor can address.

Access Control: AC-1, AC-2, AC-3, AC-5, AC-6, AC-7, AC-9, AC-11, AC-12, AC-14, AC-17, AC-21, AC-22, AC-23
Audit and Accountability: AU-1, AU-2, AU-3, AU-4, AU-5, AU-6, AU-7, AU-8, AU-9, AU-10, AU-11, AU-12
Security Assessment and Authorization: CA-2, CA-7, CA-8
Configuration Management: CM-2, CM-3, CM-4, CM-5, CM-6, CM-7, CM-9, CM-10, CM-11
Contingency Planning: CP-4, CP-6, CP-7, CP-10, CP-12
Identification and Authentication: IA-2, IA-4, IA-5, IA-6, IA-8
Incident Response: IR-4, IR-5, IR-6, IR-9
Maintenance: MA-2, MA-4
Media Protection: MP-2, MP-7
System and Information Integrity: SI-4, SI-5, SI-6, SI-7, SI-12