Federal Information Security Management Act
(FISMA)
Protects sensitive U.S. Government data, assets and operations.
Government information is categorized, with the objective of providing appropriate levels of information security, according to a range of risk levels defined by FIPS 199, Standards for Security Categorization of Federal Information and Information Systems.
U.S. – All U.S. federal agencies, contractors and other entities that handle federal data – which could include state and local governments, and any private-sector entity that does business with the government.
Notification to Congress within 7 days.
Audits, Investigations, as well as possible Censure by Congress, Termination of Contract, or Reduction in Federal Funding.
FISMA Requirements
Encryption Discussion
WinMagic Solution
NIST 800-53, Rev. 4
Security and Privacy Controls for Federal Information Systems and Organizations
NIST 800-53 is FISMA mandated, including:
SecureDoc Enterprise Server can leverage FIPS 140-2 validated SecureDoc Full Disk Encryption or other FIPS 140-2 validated encryption modules such as BitLocker, FileVault 2 and validated Opal SEDs.
SecureDoc Enterprise Server (SES) offers secure cryptographic key management and protection for data-at-rest across endpoints, removable media, files and folders, and workloads running in Virtual or Cloud IaaS environments.
AD Sync integrates SES with Active Directory to deliver user-based policy management and authentication.
SES Management Console and SES Web Console strengthen compliance with a unified, enterprise-wide security view for audit and accountability.
FIPS 200
Minimum Security Requirements for Federal Information and Information Systems
FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA, including requirements for: