SecureInfo’s RMS Security Compliance Solution First-to-Market with Final Draft of NIST Special Publication 800-37 for Federal Civilian Agencies
SAN ANTONIO, TEXAS – April 6, 2004, SecureInfo Corporation, a recognized leader in delivering enterprise information security solutions, announced today that RMS™ (Risk Management System) includes the final draft of Special Publication (SP) 800-37, which was released earlier today by the National Institute of Standards and Technology (NIST). SecureInfo’s automated RMS solution emphasizes ease of use, allowing federal civilian agencies to reduce the manual effort of the security compliance required by the Federal Information Security Management Act (FISMA) by over 40 percent.
The E-Government Act (Public Law 107-347), which was signed into law by President Bush in December 2002, recognized the importance of information security to the economic and national security interests of the United States. As part of the NIST Special Publications project, FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or source. The final draft of SP 800-37 contains the revisions to the second public draft based on comments received during public review and feedback obtained from both the Government and private-sector organizations, which included SecureInfo.
“As a company, SecureInfo has developed many of the security policies accepted by the National Security Agency and standardized by the Department of Defense to protect high-risk Government systems,” stated Graham Palmer, Senior Vice President of Product Management and Marketing for SecureInfo. “We have created a valuable out-of-the-box solution that automates the time-consuming process of developing a Requirements Traceability Matrix (RTM), mapping those requirements to a System Security Policy, and developing test procedures (based on the RTM) to conduct a Security Test and Evaluation required by FISMA and OMB Circular A-130.”
RMS will include the following capabilities highlighted in the final draft of SP 800-37:
* Provides security C&A enterprise workflow management and status reporting for the CIO and the Senior Agency Information Security Officer
* Creates an enterprise-wide perspective for the security C&A based on the identification of common security controls (Sections 2.1 and 2.4)
* Allows users to expedite the maximum allowable timeframe for information system interim approvals to operate (Section 2.5)
* Combines the final security C&A documentation into a single accreditation package (Section 2.6)
* Incorporates supplemental guidance for the security C&A of low-impact information systems (Chapter 3 Introduction and Task List)
* Automates the summary table of security C&A tasks and subtasks
There will be one final review period for SP 800-37 running from April 7 – April 21, and the final publication is expected in May. Based on the urgency to finalize the security C&A guidance for federal agencies, SecureInfo’s RMS solution will reflect any changes and updates in order for agencies to quickly create C&A packages for audit approval.
About SecureInfo Corporation
Securing the largest networks in the world since 1992, SecureInfo delivers solutions that simplify and automate security compliance, vulnerability management and enterprise security operations. SecureInfo currently supports over 750,000 users across the globe and continues to innovate its solutions suite by providing a framework that integrates compliance, vulnerability and policy management with enterprise cyber security operations. SecureInfo’s solution suite enables clients to centrally manage enterprise risk by leveraging their existing technologies across a single platform. SecureInfo, an Inc. 500 Corporation, is recognized as one of the top 10 providers of Information Security Solutions to the Federal Government. Additional information is available at www.secureinfo.com.