Federal Information Security Management Act (FISMA) Security Framework
FISMA is the Federal Information Security Management Act of 2002. It was passed by Congress and signed into law in December 2002 as Title III of the E-Government Act, and it requires every US federal agency to develop, document and implement an agency-wide information security program covering its own systems and those operated on its behalf by contractors. The National Institute of Standards and Technology (NIST) supports FISMA with the mandatory Federal Information Processing Standards (FIPS) and the Special Publication 800 series of guidelines and recommendations that agencies use to build compliant programs. (The 2002 act was later amended by the Federal Information Security Modernization Act of 2014, which kept the FISMA name.)
An overview can be found here: http://csrc.nist.gov/groups/SMA/fisma/overview.html
The text of FISMA can be found here: http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
Ensuring the confidentiality, integrity, and availability of data and information systems is a critical concern for federal agencies and their contractors. FISMA and related compliance mandates require an organization to demonstrate, with evidence, that access to data is tightly controlled: Who has access to the systems holding financial records? Who has access to file shares? What internal security vulnerabilities exist? Are security policies and patch levels current? Are configuration changes identified and monitored? Which policies are changing within Active Directory? An agency that cannot answer these questions faces more than the negative publicity of a poor FISMA grade; it may also face delays or cuts in funding, among other consequences. The areas an auditor typically asks for evidence on include:
- Password Aging
- User Privileges
- System Privileges
- Remote Access
- Consolidated Change Logs
- NTFS Permissions
- Role Permissions & Membership
- User Access
- Auditing Enabled
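The list above names the areas an auditor asks about but not how to produce evidence for them. The following PowerShell script is an added example, not part of the original page, that gathers a pass/fail record for several of those areas on a single Windows host. It assumes the host is domain-joined with the ActiveDirectory RSAT module installed, the share path `D:\FinanceRecords` is hypothetical, and the thresholds (90-day maximum password age, more than three local administrators, a 196 MB Security log) are assumptions taken from common hardening baselines rather than FISMA text.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): collects evidence for several of the
# FISMA audit areas listed above on one Windows host. Assumes a domain-joined host with
# the ActiveDirectory RSAT module; the share path and thresholds below are assumptions.
$SharePath = 'D:\FinanceRecords'   # hypothetical share holding financial records
$Findings  = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Area, [string]$Detail, [string]$Status) {
    $Findings.Add([pscustomobject]@{ Area = $Area; Status = $Status; Detail = $Detail; Host = $env:COMPUTERNAME })
}

# Password Aging: domain policy; MaxPasswordAge of 0 means "never expires"
try {
    $pol    = Get-ADDefaultDomainPasswordPolicy -ErrorAction Stop
    $days   = $pol.MaxPasswordAge.TotalDays
    $status = if ($days -eq 0 -or $days -gt 90) { 'FAIL' } else { 'PASS' }   # 90-day threshold is an assumption
    Add-Finding 'Password Aging' "MaxPasswordAge=$days days; MinLength=$($pol.MinPasswordLength); History=$($pol.PasswordHistoryCount)" $status
} catch {
    Add-Finding 'Password Aging' "Could not read domain policy: $($_.Exception.Message)" 'UNKNOWN'
}

# User / System Privileges: who holds local Administrators membership
$admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
Add-Finding 'User Privileges' ("Local Administrators: " + ($admins -join ', ')) ($(if ($admins.Count -gt 3) { 'REVIEW' } else { 'PASS' }))

# Role Permissions & Membership: recursive Domain Admins membership (needs the AD module)
try {
    $da = Get-ADGroupMember -Identity 'Domain Admins' -Recursive -ErrorAction Stop | Select-Object -ExpandProperty SamAccountName
    Add-Finding 'Role Membership' ("Domain Admins: " + ($da -join ', ')) 'REVIEW'
} catch {
    Add-Finding 'Role Membership' "Could not enumerate Domain Admins: $($_.Exception.Message)" 'UNKNOWN'
}

# NTFS Permissions: flag Allow ACEs granting write access to broad principals on the share
if (Test-Path $SharePath) {
    $broad = (Get-Acl -Path $SharePath).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$' -and
        $_.FileSystemRights -match 'Write|Modify|FullControl'
    }
    $detail = if ($broad) { ($broad | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; ' } else { 'No broad write ACEs' }
    Add-Finding 'NTFS Permissions' "$SharePath -> $detail" ($(if ($broad) { 'FAIL' } else { 'PASS' }))
} else {
    Add-Finding 'NTFS Permissions' "$SharePath not found" 'UNKNOWN'
}

# Remote Access: is RDP enabled, and if so is Network Level Authentication required?
$ts    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$nla   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpOn = ($ts.fDenyTSConnections -eq 0)
$status = if ($rdpOn -and $nla.UserAuthentication -ne 1) { 'FAIL' } elseif ($rdpOn) { 'REVIEW' } else { 'PASS' }
Add-Finding 'Remote Access' "RDP enabled=$rdpOn; NLA required=$($nla.UserAuthentication -eq 1)" $status

# Auditing Enabled: any audit subcategory still set to "No Auditing" is a gap
$noAudit = auditpol /get /category:* | Where-Object { $_ -match 'No Auditing' } |
           ForEach-Object { $_.Trim() -replace '\s{2,}.*$', '' }   # keep only the subcategory name
Add-Finding 'Auditing Enabled' ($(if ($noAudit) { "Not audited: " + ($noAudit -join ', ') } else { 'All subcategories audited' })) ($(if ($noAudit) { 'FAIL' } else { 'PASS' }))

# Consolidated Change Logs: the Security log must not wrap before the collector pulls it
$sec = Get-WinEvent -ListLog Security
$mb  = [math]::Round($sec.MaximumSizeInBytes / 1MB)
Add-Finding 'Consolidated Change Logs' "Security log max=${mb}MB; mode=$($sec.LogMode)" ($(if ($mb -lt 196) { 'REVIEW' } else { 'PASS' }))   # 196 MB is an assumed baseline

# Evidence output: a table for the operator plus a CSV the auditor can attach
$Findings | Format-Table -AutoSize
$Findings | Export-Csv -Path "$env:TEMP\fisma-evidence-$env:COMPUTERNAME.csv" -NoTypeInformation
```

Run it elevated on each in-scope host (or via a remoting job) and keep the CSV with the date and hostname as the audit artifact; a REVIEW status marks an item that needs a human decision rather than an automatic failure, for example a populated Domain Admins group or RDP that is enabled with NLA.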