FISMA Compliance Solutions

Secure federal government networks and systems

The Federal Information Security Management Act (FISMA) requires Federal agencies to develop, document, and implement an information security program to safeguard their systems and data. In addition to government agencies, FISMA also applies to contractors and third parties that use or operate an information system on behalf of a Federal agency.

One of the core requirements of FISMA is compliance with the United States Government Configuration Baseline (USGCB), which evolved from the Federal Desktop Core Configuration (FDCC) mandate. USGCB is a government-wide initiative that provides guidance to Federal agencies on secure configuration settings for IT products, specifically desktops and laptops. Security Content Automation Protocol (SCAP) validated technologies can be used to assess the compliance of systems with USGCB.

Which regulations matter to you?

We'll help you determine which regulations your organization needs to meet.


How Rapid7 helps get you FISMA compliant

Continuously assess systems for vulnerabilities

Use InsightVM to meet vulnerability scanning requirements for FISMA compliance. Automatically discover new assets across physical, virtual, and mobile environments, and trigger an immediate risk assessment. Nexpose can also identify all hardware and software assets on the network to compare with an authorized inventory.

Test your internal and external defenses

Simulate real-world attacks against your defenses to uncover weaknesses and verify the effectiveness of security controls with Metasploit. Validate the exploitability of vulnerabilities as required for FISMA compliance, and leverage closed-loop integration with Nexpose to prioritize exploitable vulnerabilities for remediation.

Classify and prioritize high-risk assets

FISMA requires all systems and data to be categorized according to risk level and organizational value. Nexpose's RealContext™ feature enables you to automatically classify assets based on their business context, prioritize risks on high-criticality assets, and immediately assign remediation tasks to the asset owner.

Automatically check for secure configurations

Use InsightVM to easily and automatically check system configuration settings across all assets in your organization against USGCB compliance requirements. InsightVM is a NIST SCAP-validated and USGCB-certified scanner with built-in policies for auditing systems against standards such as USGCB, DISA STIGs, and CIS Benchmarks.

Simplify CyberScope compliance reporting

CyberScope is a web-based reporting tool launched by the Office of Management and Budget (OMB) for Federal agencies to submit security metrics for FISMA compliance. InsightVM provides built-in CyberScope-compatible reports in XML format, simplifying and automating the monthly FISMA and USGCB compliance reporting process.