Automate FISMA Compliance & NIST Continuous Monitoring Requirements
The Federal Information Security Management Act (FISMA) of 2002 requires government agencies to develop, document and implement an agency-wide information security program to protect the information systems that support the agency. The FISMA regulation requires annual reviews of agency-wide information security programs to:
- Properly categorize all information and information systems collected or maintained by, or on behalf of, each agency according to specific risk criteria
- Maintain an inventory of all information system types
- Perform ongoing controls testing to ensure that minimum information security requirements are met
Rsam for FISMA Compliance
Rsam automates cumbersome FISMA compliance activities and provides a centralized, web-enabled platform to categorize all information systems, assess their controls based on risk and information classification levels, and record related documentation. Federal, state and local agencies leverage the Rsam FISMA compliance solution to:
- Schedule & launch FISMA assessment cycles
- Eliminate duplicate data entry for hybrid and common controls
- Manage C&A (certification & accreditation) processes / workflows
- Identify compliance gaps
- Record control testing results
- Track POA&M (Plan of Action & Milestones)
- Extensive Library of Controls – Rsam comes pre-populated with FISMA / NIST content at the entity and system levels, which can be further customized to match the specific scope of assessment. Leverage out of the box NIST 800-53A assessment procedures and document controls testing results.
- Integration with Industry-Leading Scanning Tools – Rsam comes with both pre-defined mappings to leading tools and the flexibility to create your own via a simple "point & click" mapping interface. Leverage existing mappings for tools such as AppScan, AppDetective, Fortify, Foundstone, QualysGuard VM & QualysGuard PC, Nessus, Nexpose, WebInspect, and others.
- Workflow to Mirror Any Existing Assessment Process – Dynamic Workflow bends to meet your most complex processes, not vice versa. Map virtually every aspect of your current workflow to match organizational priorities. Manage timeframes, certification processes and assessment cycles as required by FISMA compliance. Upon completion, the process can automatically be passed to other users for review or additional input.
- Create a Compliance Gaps Repository for Centralized Remediation – Create a central repository of non-compliant findings from scanners, surveys, auditors and other sources. Develop and prioritize remediation strategies and action plans to manage an unlimited number of remediation initiatives across the enterprise.
- Deliver Real-time, Actionable Reporting – Rsam's 50+ out-of-the-box roll-up/drill-down reports deliver actionable information to key stakeholders. Organizations can also launch their own custom reports, in Microsoft SSRS and/or Crystal Reports, directly from Rsam. All data entered into Rsam is immediately available to Rsam's analytic engines, reporting structures and dashboards within the application, giving end users access to real-time data.