Federal Information Security Management Act
Protects sensitive U.S. Government data, assets and operations.
Government information is categorized by risk level, as defined by FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems), so that an appropriate level of information security can be applied to each category.
U.S.: all U.S. federal agencies, contractors and other entities that handle federal data, which could include state and local governments and any private-sector entity that does business with the government.
Notification to Congress within 7 days.
Audits and investigations, as well as possible censure by Congress, termination of contract, or reduction in federal funding.
NIST 800-53, Rev. 4
Security and Privacy Controls for Federal Information Systems and Organizations
NIST 800-53 is FISMA-mandated, including:
SecureDoc Enterprise Server can leverage FIPS 140-2 validated SecureDoc Full Disk Encryption or other FIPS 140-2 validated encryption modules such as BitLocker, FileVault 2 and validated Opal SEDs.
SecureDoc Enterprise Server (SES) offers secure cryptographic key management and protection for data-at-rest across endpoints, removable media, files and folders, and workloads running in Virtual or Cloud IaaS environments.
AD Sync integrates SES with Active Directory to deliver user-based policy management and authentication.
SES Management Console and SES Web Console strengthen compliance with a unified, enterprise-wide security view for audit and accountability.
Minimum Security Requirements for Federal Information and Information Systems
FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA, including requirements for: