FISMA COMPLIANCE SOLUTIONS

KEEP FEDERAL GOVERNMENT NETWORKS AND SYSTEMS SECURE

The Federal Information Security Management Act (FISMA) requires Federal agencies to develop, document, and implement an information security program to safeguard their systems and data. In addition to government agencies, FISMA also applies to contractors and third parties that use or operate an information system on behalf of a Federal agency.

One of the core requirements of FISMA is compliance with the United States Government Configuration Baseline (USGCB), which evolved from the Federal Desktop Core Configuration (FDCC) mandate. USGCB is a government-wide initiative that provides guidance to Federal agencies on secure configuration settings for IT products, specifically on desktops and laptops. Security Content Automation Protocol (SCAP) validated technologies can be used to assess whether systems comply with USGCB.

HOW RAPID7 CAN HELP

Continuously assess systems for vulnerabilities

Use Nexpose to meet vulnerability scanning requirements for FISMA compliance. Automatically discover new assets across physical, virtual, and mobile environments, and trigger an immediate risk assessment. Nexpose can also identify all hardware and software assets on the network to compare with an authorized inventory.

Test your internal and external defenses

Simulate real-world attacks against your defenses to uncover weaknesses and verify the effectiveness of security controls with Metasploit. Validate the level of exploitability of vulnerabilities as required for FISMA compliance, and leverage closed-loop integration with Nexpose to prioritize exploitable vulnerabilities for remediation.

Classify and prioritize high risk level assets

FISMA requires all systems and data to be categorized according to risk level and organizational value. Nexpose's RealContext™ feature enables you to automatically classify assets based on their business context, prioritize risks on high-criticality assets, and immediately assign remediation tasks to the asset owner.

Automatically check for secure configurations

Use Nexpose to easily and automatically check system configuration settings across all assets in your organization against USGCB compliance requirements. Nexpose is a scanner that is SCAP validated and USGCB certified by NIST, with built-in policies for auditing systems against standards such as USGCB, DISA STIGs, and CIS Benchmarks.

Simplify CyberScope compliance reporting

CyberScope is a web-based reporting tool launched by the Office of Management and Budget (OMB) for Federal agencies to submit security metrics for FISMA compliance. Nexpose provides built-in CyberScope-compatible reports in XML format, simplifying and automating the monthly FISMA and USGCB compliance reporting process.

Nexpose for Federal Government

How Nexpose Enterprise can help Federal agencies and departments

FISMA Compliance Webcast

Discover simple steps to enable FISMA compliance

FISMA Compliance Guide

Learn the requirements and steps in becoming FISMA compliant
