Focus
Protects sensitive U.S. Government data, assets and operations.
Data
Government information is categorized based on the objectives of providing appropriate levels of information security according to a range of risk levels defined by FIPS 199 Standards for Security Categorization of Federal Information and Information Systems.
Scope
U.S. – All U.S. federal agencies, contractors and other entities that handle federal data – which could include state and local governments, and any private sector entity who does business with the government.
Breach
Notification to Congress within 7 days.
Non-Compliance
Audits, Investigations, as well as possible Censure by Congress, Termination of Contract, or Reduction in Federal Funding.
FISMA Requirements
Encryption Discussion
WinMagic Solution
NIST 800-53, Rev. 4
Security and Privacy Controls for Federal
Information Systems and Organizations
NIST 800-53 is FISMA mandated, including:
- IA-7: Cryptographic Module Authentication
- SC-12: Cryptographic Key Establishment and Management
- SC-13: Cryptographic Protection
- SC-28: Protection of Information at Rest
- MP-4: Media Storage
- AC-3: Access Enforcement
SecureDoc Enterprise Server can leverage FIPS 140-2 validated SecureDoc Full Disk Encryption or other FIPS 140-2 validated encryption modules such as BitLocker, FileVault 2 and validated Opal SEDs.
SecureDoc Enterprise Server (SES) offers secure cryptographic key management and protection for data-at-rest across endpoints, removable media, files and folders, and workloads running in Virtual or Cloud IaaS environments.
AD Sync integrates SES with Active Directory to deliver user-based policy management and authentication.
SES Management Console and SES Web Console strengthen compliance with a unified, enterprise-wide security view for audit and accountability.
FIPS 200
Minimum Security Requirements for Federal Information and Information Systems
FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA, including requirements for:
- Access Control
- Audit and Accountability
- Identification and Authentication
- Media Protection