CorreLog For FISMA Compliance

The Federal Information Security Management Act (FISMA) provides standards and guidelines that govern the processing of information for any U.S. Federal system. This standard is required if you are working with Federal records. This standard is also well suited for enterprises requiring easy demonstration of security policy effectiveness, such as organizations whose fundamental charter is to monitor security for other parties.

The FISMA Compliance Standard

CorreLog guides you through FISMA compliance. CorreLog configuration audit and control software detects every change made to the IT system, alerts when an unauthorized change is made, and assesses whether each change is within policy.

Configuration Assessment.
With configuration assessment, CorreLog Enterprise can proactively test and assess a server environment against pre-configured, out-of-the-box policies, helping to enable a minimal deployment window. CorreLog leverages industry standards, specifically benchmarks from the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), and the Defense Information Systems Agency (DISA). These benchmarks include tens of thousands of configuration assessments, enabling automatic, sustainable policy compliance testing for FISMA.

Change Detection and Reporting.
CorreLog monitors file integrity and file structures on information systems, including hardware, software, network, and security infrastructure. It then provides detailed change audit information to enable agency staff to quickly pinpoint, analyze, and recover from any undesirable change. CorreLog delivers assurance that authorized changes are completed, and that unauthorized or ad hoc changes that circumvented policy are detected and immediately reported. With a verifiable audit trail, staff can then document every step to auditors or assessors and provide them with detailed reports that demonstrate changes made to information systems can be detected, corrections verified, and anomalies explained. The path from data to information to knowledge is quick and responsive.

Automated Compliance.
By combining change detection and reporting with configuration assessment, CorreLog assesses every change as authorized, within policy and compliant, ensuring systems achieve a known and trusted state. CorreLog then helps maintain that known and trusted state by establishing a secure baseline to measure change against, and then monitors against that baseline through ongoing, tunable change detection and reporting.

Enforce FISMA policy for online and offline data transfer.
CorreLog collects security data from the entire enterprise, including data related to the monitoring and control of the transfer of federal agency data from all desktops and laptops, regardless of where users and data go, and even when users are not connected to the corporate network.

Control the transfer of federal agency data to removable media.
CorreLog provides the ability to detect new peripheral devices that may indicate the transfer of data from a main disk to a portable and removable drive. CorreLog regulates how users copy federal agency data to removable USB drives, CDs, DVDs and other external storage devices.

Control the transfer of federal agency data through the network.
CorreLog monitors network transfers. This provides direct monitoring of how users access, print, and send federal agency data over the network via email, peer-to-peer (P2P) applications, IM, HTTP, HTTPS, FTP, Wi-Fi, or other means. This ensures that data only goes to authorized recipients such as contractors or other agencies.

Educate and train end users.
CorreLog improves user awareness, which reinforces appropriate behavior with custom and automatic notifications. This helps maintain the information security policy that FISMA requires.

Prove internal controls.
CorreLog supports compliance with FISMA and NIST 800-53 guidelines by demonstrating security measures to auditors, board members and other stakeholders. CorreLog provides a rich assortment of reporting, and includes a unique "ticket" ability that can clearly demonstrate that incidents are being reviewed, resolved, and closed.

Restrict physical access to agency data.
CorreLog detects when systems are restarted (via a cold-start trap or via syslog messages), indicating that physical access may be breached and systems may have been tampered with. This includes detection of USB and computer driver activity, indicating that somebody may have physical access to a restricted machine. CorreLog monitors the creation, deletion and modification of user accounts and groups so it can detect when a user has been given access to a particular system. Additionally, CorreLog keeps track of user logins to these systems, including by time of day, so that 'after hours' unauthorized access is easily detected.

Track and monitor all access to network resources.
This is the main role of CorreLog as a security monitor. It provides visibility into who is logging into what areas of the enterprise and keeps track of what users are doing on the system. This is achieved through monitoring log messages and mapping activity back to security protocol. This correlation is presented in detailed event reports like the one above.

Regularly test security systems and processes.
CorreLog can schedule periodic tests of network integrity and verify that certain messages are logged, indicating successful tests. CorreLog interfaces easily with common security-test software, including port scanners, to verify that CorreLog is successfully monitoring system security. CorreLog has a self-test associated with AES encryption that permits users to verify that CorreLog encryption is working.

Maintain a policy that addresses information security.
An organization cannot claim to have a comprehensive information security policy without monitoring the security messages being constantly logged on platforms within its enterprise. An enterprise that installs CorreLog, with no other action, takes a major step forward in creating and maintaining an enterprise security policy.

Develop and maintain secure systems and applications.
CorreLog furnishes the ability to make Windows platforms more secure (using the CorreLog Windows agent). For UNIX and other platforms, CorreLog leverages the existing native agent (i.e. the syslog process) to make the managed system more secure. CorreLog is a substantial "development component" of an enterprise-wide security policy, incorporating a standards-based, easy-to-use API to allow you to extend your security to any streaming log file or home-grown application.

CorreLog specifically facilitates compliance with many NIST controls, particularly operational and technical controls. By using CorreLog, federal agencies and their associated organizations can achieve and maintain a known and trusted state across their IT infrastructure. The CorreLog system monitors thousands of security points, logging all activity on your system (in excess of ten million events each day) and correlating this data into alerts and actionable data, more clear and detailed than any other technology today.

Copyright © 2010, CorreLog, Inc. All rights reserved.
All trademarks and registered trademarks used herein are the properties of their respective owners.
