Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) was created in January of 2003 to introduce several security standards and guidelines required by Congress. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53A.
Security Information Managers are most concerned about the FISMA control requirements that relate to network and data security: AC (access Control); AU (Audit and Accountability); SC (System and Communications Protection); IR (Incident Response); and SI (System and Information Integrity).
FISMA Overview
FISMA states that each federal agency must develop and implement an agency-wide security program to protect the information and information systems that support the operational assets of the agency. These mandated requirements also fall on assets managed by other agencies or contractors. The requirements that the LogClarity® Enterprise Solution can automate or impact efficiency are as follows:
- Performing a Risk Assessment
- Audit and Accountability
- Continuous Monitoring of the Systems
- Incident Response
The FISMA legislation requires extensive log data collection and protection from abuse. It also requires analysis, correlation and forensics to be able to decipher unwarranted actions made towards the information system and or the critical data stored within the information system. Enforcement of security policies, user privilege changes and user access must be logged to ensure the information and the information system is secure.
Risk Assessments and Risk Mitigation processes are critical to maintaining FISMA compliance. Being able to clearly determine damage resulting from unauthorized access, disclosure, modification, or destruction of information and/or information systems is crucial.
The LogClarity® Enterprise Solution is able to analyze user and system activity by correlating network device logs, security events, database activity and data access events. This powerful audit trail provides crucial information that can be used for risk mitigation and risk assessment purposes. Deciphering expected actions as well as unwarranted ones can often provide critical information pertaining to prevention, detection and response to security breaches.
AU (Audit and Accountability)
FISMA is all about auditing and accountability of all actions made towards critical information systems and the data stored within those systems. The LogClarity® FISMA Compliance Solution provides unmatched auditing and accountability is several ways:
- Database Activity logging
- External Drive Tracking
- Privileged User Accountability
Commercial database do not provide native auditing of activity. This is a huge problem for organizations that must meet FISMA. LogClarity® provides Database Activity Logging in concert with logging of all other activity across the network, domain systems and data.
Member servers do not log any activity related to external drive connection to the network or use of external drives such as PDAs IPods or other devices. This is a huge source of data theft from insiders. LogClarity® solves this major security hole by logging connection and use of external drives enterprise-wide. LogClarity® logs a “New Drive” and what data is copied from or to the external drive.
Privileged users are dangerous to any enterprise because they know the weaknesses of the security infrastructure, and they likely know where the crown jewels are. This means that they are on the top of the list to be watched. LogClarity® logs any activity related to built-in privileged roles, groups, and accounts.
CM (Continuous Monitoring)
LogClarity® is designed with data security as its key focal point. Monitoring all critical access to information systems and critical data stored within file servers or databases is what LogClarity® was built to do.
LogClarity® Monitors:
- Data Stored on Critical Servers
- Data Stored inside Databases
- Data Stored on Network File Shares
Intelligent alerting based on pre-defined criteria can be enabled to identify actions that are outside the scope of acceptable use. LogClarity® monitors systems and data of any type across any system.
IR (Incident Response)
Incident Management and Response capabilities are one of the most important parts of any security program. If incidents are not identified quickly remediation takes longer and damage can increase exponentially.
The LogClarity® Enterprise Solution provides built-in Incident alerting and management functionality. Because LogClarity® logs and monitors all information system and data, the incident management is easily attained. Many point solution only provide incident management one focal point such as the database or just the network. LogClarity® provides continuous monitoring and unmatched log correlation, incident response measures and much more.
Find out how the LogClarity® Enterprise Solution can help your team achieve and maintain compliance.
