FISMA

The Federal Information Security Management Act (FISMA) is intended to improve computer and network security within the federal government and other affiliated organizations such as government contractors.

The FISMA rules are wide-reaching: they call for a formal security plan at all agencies and contractors that handle government data, for continuous monitoring, and for a periodic audit of computer systems.

One of the central themes of FISMA is maintaining a secure audit trail of user activity, including:

  • Logging and auditing the use of privileged access
  • Logging and monitoring administrative access to DNS servers, routers and switches
  • Logging and monitoring user or program access to sensitive system resources, including files, programs, processes, or operating system parameters
  • Filtering logs for potential security events, and providing adequate reporting and alerting capabilities
  • Activating and using operating system security and logging capabilities, and supplementing them with additional security software where supported by the risk management process
  • Restricting and logging access to system utilities, particularly those with data-altering capabilities
  • Monitoring operating system access by user, terminal, date, and time of access
  • Logging access and security events in applications
  • Using software that enables rapid analysis of user activities
  • Logging and monitoring remote access
  • Logging and monitoring the date, time, user, user location, duration, and purpose for all remote access