Elemental Security today announced a new policy framework to help federal government organizations measurably improve their compliance with the Federal Information Security Management Act (FISMA).
Based on the U.S. Government’s implementation resource guide – the National Institute of Standards and Technology (NIST) “Recommended Security Controls for Federal Information Systems” (Special Publication 800-53) – Elemental’s new policy framework helps organizations adhere to FISMA best practices for network access control and automated security policy management, as well as for systems and software inventory classification as defined in the NIST document “Standards for Security Categorization of Federal Information and Information Systems” (FIPS Publication 199).
According to Gartner, Inc., “Government organizations that are required to meet FISMA compliance should use [compliance] as a control framework -Â¦ and for asset clarification. Use compliance as an opportunity to improve operational security not only by defining assets and documenting the current state of the organization, but also by implementing control objectives that drive effective risk analysis and management.” Moreover, “Organizations should use compliance as an opportunity to implement technologies and processes that improve operational security as well as provide support for FISMA and FIPS 199 compliance.”
Available later this month, Elemental’s FISMA policy is the newest regulatory policy framework available in Elemental’s policy and risk management product, the Elemental Security Platform (ESP). ESP helps government organizations classify systems as defined in FIPS Publication 199 by continuously monitoring the configuration, inventory, and networking activity of machines on the network. This enables security administrators to target and automatically provision their policies based on the classification and behavior of systems. Additionally, as changes in the classification, behavior, or compliance of hosts are observed, ESP automatically adjusts policy deployments accordingly.