Tenable Solutions

FISMA

The E-Government Act, passed into law in December 2002, recognizes that information security is essential to protect the nation’s economic and national security interests. Title III of the E-Government Act, the Federal Information Security Management Act (FISMA), requires United States government agencies to develop, document and implement programs to protect the confidentiality, integrity and availability of IT systems.

Where Tenable Can Help

The vulnerability scanning, configuration auditing and log collection in Tenable’s solution help to automate many different types of FISMA reporting activities. Our whitepaper "Real-Time FISMA Compliance Monitoring" details how these processes can be performed on a continuous basis.

Tenable automates many of the requirements of NIST regulation 800-53. Nessus is most commonly used in the federal government to fulfill the RA-5 Vulnerability Scanning requirement. Many of our larger federal customers deploy dozens of Nessus scanners managed by one instance of Tenable SecurityCenter to audit vulnerabilities for thousands of systems. For continuous monitoring, multiple Tenable Passive Vulnerability Scanners can be deployed across the network to evaluate vulnerabilities in real time.

Tenable can also assist with many other FISMA requirements beyond vulnerability scanning. For example, for Access Control, compliance with AC-7 Unsuccessful Login Attempts can be demonstrated with Tenable Log Correlation Engine. Any type of login failure can be easily gathered, monitored, and reported. Nessus configuration audits can also be scheduled to ensure that login failures are successfully captured. Compliance with SI-3 Malicious Code Protection can also be demonstrated with a Nessus credentialed scan that enumerates anti-virus software and ensures it is up to date and configured correctly.