Federal Information Security Management Act (FISMA)

Focus

Protects sensitive U.S. Government data, assets and operations.

Data

Government information is categorized so that appropriate levels of information security can be provided according to a range of risk levels defined by FIPS 199, Standards for Security Categorization of Federal Information and Information Systems.

Scope

U.S. – All U.S. federal agencies, contractors and other entities that handle federal data – which could include state and local governments, and any private sector entity that does business with the government.

Breach

Notification to Congress within 7 days.

Non-Compliance

Audits and investigations, as well as possible censure by Congress, termination of contract, or reduction in federal funding.

FISMA Requirements

Encryption Discussion

WinMagic Solution

NIST 800-53, Rev. 4

Security and Privacy Controls for Federal Information Systems and Organizations

NIST 800-53 is FISMA mandated, including:

  • IA-7: Cryptographic Module Authentication
  • SC-12: Cryptographic Key Establishment and Management
  • SC-13: Cryptographic Protection
  • SC-28: Protection of Information at Rest
  • MP-4: Media Storage
  • AC-3: Access Enforcement

SecureDoc Enterprise Server can leverage FIPS 140-2 validated SecureDoc Full Disk Encryption or other FIPS 140-2 validated encryption modules such as BitLocker, FileVault 2 and validated Opal SEDs.

SecureDoc Enterprise Server (SES) offers secure cryptographic key management and protection for data-at-rest across endpoints, removable media, files and folders, and workloads running in Virtual or Cloud IaaS environments.

AD Sync integrates SES with Active Directory to deliver user-based policy management and authentication.

SES Management Console and SES Web Console strengthen compliance with a unified, enterprise-wide security view for audit and accountability.

FIPS 200

Minimum Security Requirements for Federal Information and Information Systems

FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA, including requirements for:

  • Access Control
  • Audit and Accountability
  • Identification and Authentication
  • Media Protection