FISMA Compliance and Reporting
FISMA compliance helps protect the security interests of the United States
The Federal Information Security Management Act (FISMA) requires federal agencies to develop, document and implement an information security program to safeguard their information systems, including those provided or managed by another agency, contractor or other third party. Federal agencies have access to information that's very appealing to cyber criminals and terrorists, which is why it's crucial for agencies to show FISMA compliance and protect their sensitive systems and data. Rapid7 products help you achieve FISMA compliance and protect your information systems from these cyber criminals.
Rapid7 can help you attain FISMA compliance by:
Conducting penetration tests and vulnerability scans for FISMA compliance
Both Nexpose and Metasploit can help you prove your FISMA compliance by finding vulnerabilities and verifying the exploitability of what's discovered. Use Nexpose to scan your critical systems for vulnerabilities, misconfigurations and malware. To validate the risk these threats pose to your systems, you can use Metasploit to find out how exploitable those vulnerabilities truly are in your environment.
Testing your internal and external defenses
Metasploit is a powerful weapon to test the robustness of your internal and external defenses. By conducting penetration tests or social engineering campaigns, you can find out exactly how your security systems would perform in a real-life attack scenario, and better yet, where they might fail. In the context of FISMA compliance, you can validate the level of exploitability of found vulnerabilities with Metasploit Pro.
Automatically delivering CyberScope-compatible reports for FISMA compliance
It's easy for Nexpose users to conduct monthly FISMA compliance reporting via CyberScope, as Nexpose uses both USGCB and FDCC checklists to create CyberScope-compatible reports. In addition, you can automatically and easily generate a variety of status reports in Nexpose, from high-level trend and executive summaries to tactical remediation plans.