FISMA COMPLIANCE SOLUTIONS
KEEP FEDERAL GOVERNMENT NETWORKS AND SYSTEMS SECURE
The Federal Information Security Management Act (FISMA) requires Federal agencies to develop, document, and implement an information security program to safeguard their systems and data. In addition to government agencies, FISMA also applies to contractors and third parties that use or operate an information system on behalf of a Federal agency.
Closely tied to FISMA is the United States Government Configuration Baseline (USGCB), which evolved from the Federal Desktop Core Configuration (FDCC) mandate. USGCB is a government-wide initiative, driven by OMB and maintained by NIST, that defines secure configuration settings for IT products used by Federal agencies, specifically desktop and laptop operating systems and common applications. Because the baseline is published as Security Content Automation Protocol (SCAP) content, SCAP-validated tools can be used to assess whether systems comply with USGCB.
HOW RAPID7 CAN HELP
Continuously assess systems for vulnerabilities
Use Nexpose to meet the vulnerability scanning requirements of a FISMA security program. Automatically discover new assets across physical, virtual, and mobile environments, and trigger an immediate risk assessment when they appear. Nexpose can also identify the hardware and software assets on the network so they can be compared against the authorized inventory.
Test your internal and external defenses
Simulate real-world attacks against your defenses with Metasploit to uncover weaknesses and verify the effectiveness of security controls. Validate how exploitable identified vulnerabilities actually are, as FISMA security assessments require, and use the closed-loop integration with Nexpose to prioritize exploitable vulnerabilities for remediation.
Classify and prioritize high-risk assets
FISMA requires all systems and data to be categorized according to risk level and organizational value. Nexpose's RealContext™ feature enables you to automatically classify assets based on their business context, prioritize risks on high-criticality assets, and immediately assign remediation tasks to the asset owner.
Automatically check for secure configurations
Use Nexpose to automatically check system configuration settings across all assets in your organization against USGCB requirements. Nexpose is a NIST SCAP-validated scanner with USGCB scanning capability, and it ships with built-in policies for auditing systems against standards such as USGCB, DISA STIGs, and CIS Benchmarks.
Simplify CyberScope compliance reporting
CyberScope is the web-based reporting tool introduced by the Office of Management and Budget (OMB) through which Federal agencies submit security metrics for FISMA compliance. Nexpose provides built-in CyberScope-compatible reports in XML format, simplifying and automating the recurring FISMA and USGCB compliance reporting process.