Meeting FISMA Compliance With EventTracker: The Importance of Consolidation, Correlation, and Detection Enterprise Security Series

Date Added: Aug 2009
Format: PDF

The Federal Information Security Management Act of 2002 (FISMA) was passed with the purpose of improving computer and network security at government agencies and government contractors. The Act called for increased security standards and yearly audits of systems and processes, and tasked the National Institute of Standards and Technology (NIST) with producing a set of standards and guidelines: in effect, a set of documents that provide a framework for risk management, security and compliance. The NIST approach is to have agencies and contractors adopt a risk-based approach: independently assess systems, select security controls from NIST-supplied guidelines, and then authorize the use of the system, with subsequent periodic reviews and reauthorization.