Meet ISO 27001 Compliance Requirements

Implementing Information Security for US Federal Agencies

All Federal Agencies Must Meet FISMA Security Mandate

The Federal Information Security Management Act of 2002 (FISMA) is a seminal law for information security in the United States. It requires US federal agencies to develop, document, and implement an approved information security strategy to protect agency systems and data.

NIST-Developed Security Controls Underpin FISMA

One consequence of FISMA is that NIST (the National Institute of Standards and Technology) developed information security standards and guidelines for federal agencies to follow. Another consequence is that many organizations beyond the federal government have chosen to implement these NIST Special Publication 800-53 security controls as part of their own security strategy.

Monitor Activity on Secured Systems

Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.

Monitor Activity on Secured Systems
Real-Time Notification of Sensitive Changes

Real-Time Notification of Sensitive Changes

Cygna Auditor's built-in and custom alerting notifies you of critical changes such as membership changes to privileged groups.

Privileged Account Management

Cygna Auditor allows you to monitor all changes made by privileged accounts to ensure they adhere to regulatory and organizational policies for the protection and privacy of data as well as that they do not abuse their unrestricted access.

Privileged Account Management

Examples of Addressed ISO 27001 Compliance Requirements

Most of the controls specified in ISO 27001 and applicable to Cygna Auditor are similar or identical to the controls specified in NIST Special Publication 800-53, the security control framework for the Federal Information Security Management Act of 2002 (FISMA) and a superset of the ISO 27001 controls. Appendix H of NIST 800-53 provides a mapping of ISO 27001 to NIST 800-53 controls; what follows is a sampling of controls that Cygna Auditor satisfies.

Organization of (internal) Information Security: 6.1.2, 6.1.5
Human Resource Security: 7.2.3, 7.3.1
Access Control: 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.1, 9.4.1, 9.4.2, 9.4.3
Operations Security: 12.1.2, 12.1.3, 12.4.1, 12.4.2, 12.4.3, 12.7.1
Communications Security: 13.1.1, 13.1.3, 13.2.1, 13.2.3
System acquisition, development and maintenance: 14.2.2, 14.2.3, 14.2.6, 14.2.9
Supplier Relationships: 15.2.1
Information security incident management: 16.1.2, 16.1.4, 16.1.5, 16.1.7
Information security aspects of business continuity management: 17.1.2, 17.1.3
Compliance: 18.1.3, 18.1.4, 18.2.2, 18.2.3