The US Federal Information Security Management Act (FISMA) of 2002 requires US federal government organizations to implement comprehensive information and data security programs, in order to identify and mitigate IT-related risks and failures.
FISMA also requires federal organizations to send annual reports to the Office of Management and Budget (OMB) on the security situation of their IT departments, with the support and supervision of internal and external independent auditors.
The National Institute of Standards and Technology (NIST) is the organization responsible for defining the compliance process and for creating the security standards and controls established by FISMA. NIST periodically distributes special publications with compliance instructions for federal organizations.
How Modulo Risk Manager can help your business with FISMA compliance:
- Automates application of the controls and specifications established by NIST, including NIST Special Publication 800-53 (Recommended Security Controls for Federal Information Systems), which outlines the security protections that should be put in place in federal information systems.
- Supplies managerial reports that allow assessment of the risk level to which the IT department is exposed.
- Provides technical advice on implementation of controls and minimization of security risks and failures. A continuously updated knowledge base makes this knowledge available throughout the organization.
- Automates the issuing of reports to support planning of security actions.
- Provides an action plan and action priorities, as defined in the "Plan of Action and Milestone" (POA&M) model.