Federal Information Security Management Act



Protects sensitive U.S. Government data, assets and operations.


Government information is categorized according to the range of risk levels defined by FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, so that appropriate levels of information security can be applied.


U.S. – All U.S. federal agencies, contractors and other entities that handle federal data, which could include state and local governments and any private sector entity that does business with the government.


Notification to Congress within 7 days.


Audits and investigations, as well as possible censure by Congress, termination of contract, or reduction in federal funding.

FISMA Requirements

Encryption Discussion

WinMagic Solution

NIST 800-53, Rev. 4

Security and Privacy Controls for Federal Information Systems and Organizations

NIST 800-53 is mandated by FISMA, including the following controls:

  • IA-7: Cryptographic Module Authentication
  • SC-12: Cryptographic Key Establishment and Management
  • SC-13: Cryptographic Protection
  • SC-28: Protection of Information at Rest
  • MP-4: Media Storage
  • AC-3: Access Enforcement

SecureDoc Enterprise Server can leverage FIPS 140-2 validated SecureDoc Full Disk Encryption or other FIPS 140-2 validated encryption modules such as BitLocker, FileVault 2 and validated Opal SEDs.

SecureDoc Enterprise Server (SES) offers secure cryptographic key management and protection for data-at-rest across endpoints, removable media, files and folders, and workloads running in Virtual or Cloud IaaS environments.

AD Sync integrates SES with Active Directory to deliver user-based policy management and authentication.

SES Management Console and SES Web Console strengthen compliance with a unified, enterprise-wide security view for audit and accountability.

FIPS 200

Minimum Security Requirements for Federal Information and Information Systems

FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA, including requirements for:

  • Access Control
  • Audit and Accountability
  • Identification and Authentication
  • Media Protection