Federal Information Security Management Act (FISMA)

 

Focus

Protects sensitive U.S. Government data, assets and operations.

 
 
 

Data

Government information is categorized so that appropriate levels of information security can be provided according to a range of risk levels defined by FIPS 199, Standards for Security Categorization of Federal Information and Information Systems.
 
 
 

Scope

U.S. – All U.S. federal agencies, contractors and other entities that handle federal data – which could include state and local governments, and any private sector entity that does business with the government.
 
 

Breach

Notification to Congress within 7 days.
 
 

Non-Compliance

Audits and investigations, as well as possible censure by Congress, termination of contract, or reduction in federal funding.
 
 
 
FISMA Requirements | Encryption Discussion | WinMagic Solution

NIST 800-53, Rev. 4

Security and Privacy Controls for Federal Information Systems and Organizations

NIST 800-53 is mandated by FISMA and includes:

  • IA-7: Cryptographic Module Authentication
  • SC-12: Cryptographic Key Establishment and Management
  • SC-13: Cryptographic Protection
  • SC-28: Protection of Information at Rest
  • MP-4: Media Storage
  • AC-3: Access Enforcement

SecureDoc Enterprise Server can leverage FIPS 140-2 validated SecureDoc Full Disk Encryption or other FIPS 140-2 validated encryption modules such as BitLocker, FileVault 2 and validated Opal SEDs.

SecureDoc Enterprise Server (SES) offers secure cryptographic key management and protection for data-at-rest across endpoints, removable media, files and folders, and workloads running in Virtual or Cloud IaaS environments.

AD Sync integrates SES with Active Directory to deliver user-based policy management and authentication.

SES Management Console and SES Web Console strengthen compliance with a unified, enterprise-wide security view for audit and accountability.

FIPS 200

Minimum Security Requirements for Federal Information and Information Systems

FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA, including requirements for:

  • Access Control
  • Audit and Accountability
  • Identification and Authentication
  • Media Protection