FISMA Compliance and Reporting

FISMA compliance helps protect the security interests of the United States

The Federal Information Security Management Act (FISMA) requires federal agencies to develop, document and implement an information security program to safeguard their information systems, including those provided or managed by another agency, contractor or other third party. Federal agencies hold information that is very appealing to cyber criminals and terrorists, which is why it is crucial for agencies to demonstrate FISMA compliance and protect their sensitive systems and data. Rapid7 products help you achieve FISMA compliance and protect your information systems from these cyber criminals.

Rapid7 can help you attain FISMA compliance by:

Conducting penetration tests and vulnerability scans for FISMA compliance

Both Nexpose and Metasploit can help you prove your FISMA compliance by finding vulnerabilities and verifying the exploitability of what's discovered. Use Nexpose to scan your critical systems for vulnerabilities, misconfigurations and malware. To validate the risk these threats pose to your systems, you can use Metasploit to find out how exploitable those vulnerabilities truly are in your environment.

Testing your internal and external defenses

Metasploit is a powerful weapon to test the robustness of your internal and external defenses. By conducting penetration tests or social engineering campaigns, you can find out exactly how your security systems would perform in a real-life attack scenario, and better yet, where they might fail. In the context of FISMA compliance, you can validate the level of exploitability of found vulnerabilities with Metasploit Pro.

Automatically delivering CyberScope-compatible reports for FISMA compliance

It's easy for Nexpose users to conduct monthly FISMA compliance reporting via CyberScope, as Nexpose uses both USGCB and FDCC checklists to create CyberScope-compatible reports. In addition, you can automatically and easily generate a variety of status reports in Nexpose, from high-level trend and executive summaries to tactical remediation plans.

FISMA Compliance Guide

Learn the requirements and steps in becoming FISMA compliant

FISMA Webcast

Learn the recent mandates that affect federal agencies in becoming FISMA compliant

Nexpose Product Brief

Learn more about Nexpose for vulnerability management
