  • FISMA COMPLIANCE SOLUTIONS

    KEEP FEDERAL GOVERNMENT NETWORKS AND SYSTEMS SECURE

    The Federal Information Security Management Act (FISMA) requires Federal agencies to develop, document, and implement an information security program to safeguard their systems and data. In addition to government agencies, FISMA also applies to contractors and third parties that use or operate an information system on behalf of a Federal agency.

    One of the core requirements of FISMA is compliance with the United States Government Configuration Baseline (USGCB), which evolved from the Federal Desktop Core Configuration (FDCC) mandate. USGCB is a government-wide initiative that provides guidance to Federal agencies on secure configuration settings for IT products, specifically on desktops and laptops. Security Content Automation Protocol (SCAP) validated technologies can be used to assess compliance of systems with USGCB.

    HOW RAPID7 CAN HELP

    Continuously assess systems for vulnerabilities


    Use Nexpose to meet vulnerability scanning requirements for FISMA compliance. Automatically discover new assets across physical, virtual, and mobile environments, and trigger an immediate risk assessment. Nexpose can also identify all hardware and software assets on the network to compare with an authorized inventory.

    Test your internal and external defenses


    Simulate real-world attacks against your defenses to uncover weaknesses and verify the effectiveness of security controls with Metasploit. Validate the level of exploitability of vulnerabilities as required for FISMA compliance, and leverage closed-loop integration with Nexpose to prioritize exploitable vulnerabilities for remediation.

    Classify and prioritize high risk level assets


    FISMA requires all systems and data to be categorized according to risk level and organizational value. Nexpose's RealContext™ feature enables you to automatically classify assets based on their business context, prioritize risks on high-criticality assets, and immediately assign remediation tasks to the asset owner.

    Automatically check for secure configurations


    Use Nexpose to easily and automatically check system configuration settings across all assets in your organization against USGCB compliance requirements. Nexpose is a scanner that is SCAP validated and USGCB certified by NIST, with built-in policies for auditing systems against standards such as USGCB, DISA STIGs, and CIS Benchmarks.

    Simplify CyberScope compliance reporting


    CyberScope is a web-based reporting tool launched by the Office of Management and Budget (OMB) for Federal agencies to submit security metrics for FISMA compliance. Nexpose provides built-in CyberScope-compatible reports in XML format, simplifying and automating the monthly FISMA and USGCB compliance reporting process.

    Nexpose for Federal Government

    How Nexpose Enterprise can help Federal agencies and departments


    FISMA Compliance Webcast

    Discover simple steps to enable FISMA compliance


    FISMA Compliance Guide

    Learn the requirements and steps in becoming FISMA compliant
