Implementing Information Security for US Federal Agencies

All Federal Agencies Must Meet FISMA Security Mandate

The Federal Information Security Management Act of 2002 (FISMA) is a seminal law for information security in the United States. It requires US federal agencies to develop, document, and implement an approved information security strategy to protect agency systems and data.

NIST-Developed Security Controls Underpin FISMA

One consequence of FISMA is that NIST (the National Institute of Standards and Technology) developed information security standards and guidelines for federal agencies to follow. Another consequence is that many organizations beyond the federal government have chosen to implement these NIST Special Publication 800-53 security controls as part of their own security strategy.

Addressed PCI Compliance Requirements

Cygna Auditor addresses Requirements 7 (Restrict access to cardholder data by business need to know) and 10 (Track and monitor all access to network resources and cardholder data) of the PCI DSS standard.


Limit access to system components and cardholder data to only those individuals whose job requires such access


Implement automated audit trails for all individual user accesses to cardholder data


Implement automated audit trails for all actions taken by any individual with root or administrative privileges


Implement automated audit trails for access to all audit trails


Implement automated audit trails for invalid logical access attempts


Implement automated audit trails for use of and changes to identification and authentication mechanisms and all changes, additions, or deletions to accounts with root or administrative privileges


Implement automated audit trails for initialization of audit logs


Implement automated audit trails for creation and deletion of system-level objects


Record at least user identification, type of event, date and time, success or failure indication, origination of event, and identity or name of affected data, system component, or resource


Review logs and security events for all system components to identify anomalies or suspicious activity

Cygna Auditor monitors all successful and failed data activity, such as file or folder creation, access, updates, and deletions, along with who made the changes and when they were made.

Monitor Activity on Secured Systems

Cygna Auditor's built-in and custom alerting notifies you of critical changes, such as membership changes to privileged groups.

Real-Time Notification of Sensitive Changes

Cygna Auditor allows you to monitor all changes made by privileged accounts to ensure that they adhere to regulatory and organizational policies for the protection and privacy of data and that they do not abuse their unrestricted access.

Privileged Account Management

Meet PCI Compliance Requirements
