The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program.
|Maintain an Inventory of Information Systems||Put together a detailed list of the information systems you use (including date of purchase, upgrades, and repairs) and how they interact with other systems in a network.|
|Categorize Information Systems||Classify these systems according to confidentiality, integrity, and availability, then further stratify them into low, medium, and high-risk levels to align sensitive data with the appropriate security ranking.|
|Maintain a System Security Plan||Under the legislation, organizations must create a system security plan detailing security controls and policies.|
|Utilize Security Controls||Implement security controls relevant to your objectives, risk tolerance, and operational environment, including authentication, personnel security, configuration management, incident response, and accountability.|
|Conduct Risk Assessments||Assess and validate your security controls to identify any potential gaps and weaknesses.|
|Perform Continuous Monitoring||monitor the security controls and systems for modifications and changes. Types of monitoring you will need to incorporate include configuration management, file integrity monitoring, vulnerability scanning, and log analysis.|
To View the Compliance Programs available visit Compliance in your Aqua CSPM Console, and select Defaults or Custom to filter the programs displayed, you can also expand the program control details using the Expand Settings toggle.