FISMA - Federal Information Security Management Act
Demonstrating the Effectiveness of Information Systems Controls
The Challenge
The Federal Information Security Management Act of 2002 (FISMA) requires federal agencies to establish and maintain uniform information security best practices in the computing environment. FISMA directed the National Institute of Standards and Technology (NIST) to create the standards and guidelines necessary to support FISMA objectives. As part of its Special Publications on Information Security (800) series, NIST published SP 800-53, Recommended Security Controls for Federal Information Systems, which sets parameters by which the agencies should establish and manage an Information Security Program (ISP) that regularly re-assesses risk to the computing environment and takes compensatory measures to reduce that risk.
Comprehensive documentation ensures that agencies are held accountable for the ISP, including regular reports on the effectiveness of IT security controls, a written plan of action and documented milestones for correcting high-risk situations.
As a government standard, SP 800-53 introduces challenges for federal agencies. They must maintain a high-level security posture to protect day-to-day operations, and demonstrate continual improvement in the computing environment by providing trendline analysis on IT security performance to auditors.
The Solution
Sentinel enables federal agencies to more easily and efficiently satisfy many of the SP 800-53 requirements. Beginning with the data collection process, Sentinel allows IT administrators and managers to obtain accurate, timely assessments of the organization's current security risk by automating the process of gathering, consolidating, and evaluating critical event information. Event information is then correlated, compared across the organization, and summarized for input into agency FISMA reports.
| SP 800-53 Security Categories and Control Requirements | Sentinel Capabilities |
| --- | --- |
| FAMILY: Access Control CLASS: Technical CONTROLS: | Sentinel assists client agencies in validating appropriate procedures for creating, maintaining and deleting user accounts as defined by organizational security policies, in order to ensure that account management practices can be audited for compliance monitoring. Sentinel collects information on all account management events such as creation, modification, deletion, and changes in user credentials. It also monitors policies that enforce proper authorization best practices and provides client agencies with the ability to audit "user access" activity for compliance monitoring, by validating that appropriate procedures are followed to authorize all access to systems and data based on the user's role, group and permissions. Information is collected and analyzed on successful and failed user access to files, databases, servers and applications inside and outside of normal business hours. Sentinel also monitors the enforcement of proper authentication best practices, by validating that appropriate procedures are followed to authenticate all users to the systems, supporting the validity of subsequent transactions. Collection, analysis, and tracking of this information ensures that client agencies are fully able to audit account activity for compliance monitoring. |
| FAMILY: Audit and Accountability CLASS: Technical CONTROLS: | Sentinel significantly reduces the number of manual processes and hours associated with gathering pertinent data and preparing trend-line analysis for internal and external auditors. In addition to monitoring access control, Sentinel monitors and reports on best practices related to change management, which is a constant source of auditable events for most agencies. Sentinel validates that appropriate procedures are followed as defined by internal security policies, focusing on Administrative Privilege Changes, Domain/Policy Changes, Audit Policy Changes, etc. |
| FAMILY: Configuration Management CLASS: Operational CONTROLS: | Sentinel validates that appropriate procedures are followed as defined by internal security policies, focusing on Administrative Privilege Changes, Domain/Policy Changes, Audit Policy Changes, etc. |
| FAMILY: Identification and Authentication CLASS: Technical CONTROLS: | Sentinel monitors the enforcement of proper authentication best practices, by validating that appropriate procedures are followed to authenticate all users to the systems, supporting the validity of subsequent transactions. Collection, analysis, and tracking of this information ensures that client agencies are fully able to audit account activity for compliance monitoring. |
| FAMILY: Incident Response CLASS: Operational CONTROLS: | Sentinel's iTRAC workflow management and remediation functionality receives triggers on incident creation and initiates remediation processes based on pre-defined templates. It manages the lifecycle of these processes by generating work items or executing activities. This service also maintains a history of completed processes which may be used for auditing incident responses. |