FISMA Pushes for Closer Network Inspection

Members of the security industry are applauding new guidelines from the National Institute of Standards and Technology that call for closer monitoring of IT systems to keep pace with increasingly sophisticated adversaries.

In an article on the Government Computer News website, William Jackson says the focus of the Federal Information Security Management Act has shifted from “static check-box compliance” to more real-time situational awareness of government IT systems.

While early FISMA publications recommended that security controls be assessed “at least annually” and all other controls “at least once during the information system’s three-year accreditation cycle,” the revised version released in July 2009 eliminated these isolated snapshots of system status.

The new guidelines state, “Continuous monitoring of security controls using automated support tools facilitates near real-time risk management and promotes organizational situational awareness with regard to the security state of the information system.”
