DEFINITION:

Formally titled "The Federal Information Security Management Act of 2002", FISMA was passed as part of the Homeland Security Act of 2002 and the E-Government Act of the same year. It imposes strong requirements to rapidly improve the security of government information.

CHALLENGE:

FISMA requires federal agencies to establish agency-wide, risk-based information security programs that secure the information and information systems supporting their operations and assets, and to demonstrate how well they are meeting all of FISMA's provisions. FISMA's provisions fall into three major categories: assessment, enforcement and compliance. Agencies that fail to comply with the mandates of FISMA risk facing budget or resource cuts.

FISMA applies to any federal agency, contractor, or organization whose information systems possess or make use of federal information.

SOLUTION:

QualysGuard® enables agencies to audit and measure their network risk, enforce security policies and document compliance with FISMA requirements. If a machine, network device, or application is out of compliance, if data is not secure, if a router is misconfigured, or if a database is located in an insecure location, QualysGuard will explain the policy violation and tell you how to remediate it through a configuration change or a verified patch from a vendor.

Qualys® also provides executive and technical-level reports to measure and certify ongoing compliance efforts for FISMA.