Federal Information Security Management Act (FISMA)

What IS FISMA?

The Federal Information Security Management Act was passed in December of 2002 as Title III of the E-Government Act (Public Law 107-347). FISMA’s intent is to help ensure the integrity, security, and availability of government systems. The National Institute of Standards and Technology (NIST) regularly issues guidance on security best practices, develops information security standards (Federal Information Processing Standards), and provides guidelines (Special Publications in the 800-series) for non-national security federal information systems in support of FISMA. Noncompliance with FISMA is published publically by Congress in the form of agency scorecards. Poor FISMA compliance may result in a requirement to report before Congress and significant budget-related penalties may be applied.

FISMA Compliance Requirements

The act requires that each federal agency develop, document, and implement a plan to provide security for the data and systems that support agency operations and assets. The act further extends this requirement to include assets managed by other agencies and contractors. This comprehensive framework provides guidance for securing government assets and information security best practices. Based on this framework, FISMA mandates that all agencies, contractors, and associated entities annually report their security status to the Office of Management and Budget (OMB).

FISMA is part of a greater effort to mitigate risk and increase information security across all federal agencies, contractors, and other entities. FISMA compliance benefits federal agencies in three ways: 1) Greater data security and availability across government systems, 2) Protection from penalties associated with noncompliance, and 3) Stronger national security and overall economic stability for the United States.

FISMA Compliance and Fraud Prevention Challenges

Several of FISMA’s key provisions provide significant challenges for federal agencies and their affiliates, including mandates to:

• Continuously monitor systems.
• Document access controls and data access across all systems.
• Ensure the confidentiality, integrity, and availability of government data.
• Audit and report on their systems.

Here’s the underlying problem: The data requiring protection is often housed in multiple legacy applications with inadequate logging information to support the security audit requirements of FISMA.

The Luminet Solution

Luminet fraud prevention software provides a number of capabilities that are key to supporting FISMA compliance and increasing the security and availability of government data. These capabilities include:

• 100% visibility into user activity
  Luminet captures user activity—screen by screen, keystroke by keystroke—across all applications. It also provides the ability to replay that activity to gain an “over the shoulder view” of what the user was doing. By providing this unique view into user actions, Luminet adds context to keystrokes—which enables you to take informed action.
• Complete audit trail
  Luminet can capture all user activity, including read-only/query access. This information in stored in a secure database, where it is available in the event that legal action is required.
• Searches across platforms and legacy systems
  Luminet supports monitoring across multiple application types, including mainframe, iSeries, web, and client/server. No desktop agents or host-side components are required.
• User-behavior analysis
  Luminet monitors, correlates, and profiles user behavior across multiple applications to detect suspicious patterns and pinpoint anomalies. These capabilities, in conjunction with activity alerts and risk-based scoring, provide actionable intelligence in near real time.

Built with Substantial Business Process Functionality

Learn how Luminet detects and prevents fraud in government agencies.