
FISMA Security Policy Solutions

Federal Information Security Management Act (FISMA)

Under FISMA, which supersedes the Government Information Security Reform Act of 2000 (GISRA), federal agencies are required to assess the state of their information security before being approved for budget items by the OMB. To accurately assess the security posture of federal agencies, NIST has published, in NIST SP 800-53, 17 Information Technology (IT) security topics that affect the security posture of an organization. These 17 security control areas form the framework for a complete, policy-based approach to security.

According to the maturity model defined in the Federal IT Security Assessment Framework, the security program progresses from having policies (Level 1) to having detailed procedures (Level 2), implementing these procedures (Level 3), testing compliance with and effectiveness of the procedures (Level 4), and finally fully integrating policies and procedures into daily operations (Level 5).

Develop Security Policies Quickly

Information Security Policies Made Easy provides a complete set of security policies that cover each of the 17 key NIST assessment areas. Organizations can save time and money implementing Level 1 compliance by customizing our library of over 1400 pre-written policies.



Keep Security Policies Up to Date

The PolicyShield Information Security Policy Subscription service is the most cost-effective way to keep security policies updated against the latest technologies, threats and regulatory changes. Save time and money as our experts write the security policies and implementation advice you need when you need them!


Document Security Roles

Information Security Roles and Responsibilities Made Easy provides expert guidance and templates for building an effective security organization. According to NIST, security roles and responsibilities are key to implementing an effective control over security. Save your organization hundreds of hours of effort in developing and documenting your security organization.


Other Federal Security Requirements

The establishment of a sound security program is mandated by other Federal laws, including the Clinger-Cohen Act, the Computer Security Act of 1987, the Government Performance and Results Act (GPRA), and the Government Paperwork Elimination Act (GPEA). Key to an effective security posture is a robust set of security policies and standards backed by an effective security organization. Information Shield publications will save your organization hundreds of development hours by providing pre-written best practices that have been tested in hundreds of organizations around the world.

For more information on using Information Shield solutions for your FISMA compliance efforts, please contact us.

FISMA Requirements
"The second component of an effective security metrics program is practical security policies and procedures backed by the authority necessary to enforce compliance."
- NIST Special Publication 800-55, Security Metrics Guide for Information Technology Systems

"The details of how security controls should be implemented are usually described in organization-specific policies and procedures (Phase 3) that define a baseline of security practices that are prescribed for the system."
- NIST SP 800-55

"6.1.2 Are there documented job descriptions that accurately reflect assigned duties and responsibilities and that segregate duties?"
- NIST Self-Assessment Guide for IT Systems