Overview

US Federal agencies are required to comply with the Federal Information Security Management Act of 2014, which amends the original FISMA Act of 2002. FISMA requires agencies to develop, document, and implement controls to protect US federal agency information and the information technology systems supporting their operations and assets, including those managed or provided by a third party or another agency. FISMA defines information security as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability of information and information systems. Since FY 2016, OMB and the DHS (Department of Homeland Security) have established the CIO FISMA metrics around the NIST (National Institute of Standards and Technology) Cybersecurity Framework. FISMA requires each federal agency (and related contractors) to:
FISMA Compliance Program

The FISMA Compliance Program is designed to answer the questions raised by any company that stores, processes, or transmits US federal agency information while evaluating and selecting products to support the FISMA requirements. The Compliance Program provides validated evidence about a product's features and capabilities that support the FISMA requirements. FISMA Compliance testing and analysis cover several aspects of the product, including:
FISMA Compliance testing criteria

Compliance testing is conducted by trained analysts against the FISMA Compliance Program criteria, as well as Compliance Labs' functional and quality assurance requirements. The FISMA Compliance Program criteria rely on the NIST SP 800-53 requirements and the NIST Cybersecurity Framework as the standard for managing and reducing cybersecurity risk, organized around the framework's five functions: Identify, Protect, Detect, Respond, and Recover. The compliance analyst reports the results of each phase of testing in the Reports of Compliance, and also documents the product components submitted by the vendor and the configuration of the product as tested.

Continuous Evaluation Process

Compliance Labs has developed the FISMA continuous evaluation process as a fundamental part of the FISMA Compliance Program. The continuous evaluation process monitors new compliance requirements and best practices and updates the testing criteria to drive product compliance effectiveness and quality over the long term.