FISMA Security Policy Solutions
Federal Information Security Management Act (FISMA)
Under FISMA, which supersedes the Government Information Security Reform Act of 2000 (GISRA), federal agencies are required to assess the state of their security before being approved for budget items by the OMB. To accurately assess the security state of federal agencies, NIST has published, in NIST SP 800-53, 17 Information Technology (IT) security topics that affect the security posture of an organization. These 17 security control areas form the framework for a complete, policy-based approach to security.
According to the maturity model defined in the Federal IT Security Assessment Framework, the security program progresses from having policies (Level 1) to having detailed procedures (Level 2), implementing these procedures (Level 3), testing compliance with and effectiveness of the procedures (Level 4), and finally fully integrating policies and procedures into daily operations (Level 5).
Information Security Policies Made Easy provides a complete set of security policies that cover each of the 17 key NIST assessment areas. Organizations can save time and money implementing Level 1 compliance by customizing our library of over 1400 pre-written policies.
The PolicyShield Information Security Policy Subscription service is the most cost-effective way to keep security policies updated against the latest technologies, threats and regulatory changes. Save time and money as our experts write the security policies and implementation advice you need when you need them!
Information Security Roles and Responsibilities Made Easy provides expert guidance and templates for building an effective security organization. According to NIST, security roles and responsibilities are key to implementing effective control over security. Save your organization hundreds of hours of effort in developing and documenting your security organization.
Other Federal Security Requirements
The establishment of a sound security program is mandated by other Federal laws, including the Clinger-Cohen Act, the Computer Security Act of 1987, the Government Performance and Results Act (GPRA), and the Government Paperwork Elimination Act (GPEA). Key to an effective security posture is a robust set of security policies and standards backed by an effective security organization. Information Shield publications will save your organization hundreds of development hours by providing pre-written best practices that have been tested in hundreds of organizations around the world.
For more information on using Information Shield solutions for your FISMA compliance efforts, please contact us.