Cloakware Position Paper Reveals Crucial Password Security Measures for FISMA Compliance  

FISMA News


(Feb 13, 2007) -- Security solutions provider Cloakware announced the availability of its new position paper, Raising the Security Bar: Cloakware’s Contribution to the Federal Information Security Management Act of 2002. In this paper, Cloakware identifies the importance of a comprehensive password management system for both the elevated-privilege accounts used by administrators and the unattended applications in the data center, and delivers a workable solution that complies with the Federal Information Security Management Act of 2002 (FISMA).

FISMA mandates that organizations bolster information security controls over resources that support federal operations and assets, including annual audits. Specifically, several sections in this legislation detail the requirements for data center password management. However, regular server password updates remain a weak point in many data centers because updating them is a manual, time-consuming, expensive process for IT departments. Without updates to the hundreds or thousands of unmanaged passwords in an organization, all data protected by those passwords is at risk. It is therefore crucial for organizations of all sizes to implement an organized system of password management, because passwords that are left unchanged pose a significant vulnerability to any IT department.

In its position paper, Cloakware presents a solution for satisfying FISMA compliance requirements with a secure, automated password management system. An effective system should include steps toward both prevention and detection, including:

* Eliminating the requirement to disclose application or server passwords to administrators, developers, partners and outsourcers;
* Securely storing application and server passwords in an encrypted, centralized repository;
* Minimizing the lifetime of critical, elevated-privileged passwords through regular password changes;
* Controlling access by mapping acceptable password use policies to requesting administrators, servers and applications;
* Providing strong authentication and authorization of administrators and applications for password retrieval requests;
* Preventing software tampering and reverse engineering attacks; and
* Detecting customer application and password management software library tampering.

“The yearly audits demanded by FISMA place increased emphasis and visibility on necessary improvements to the security of federal information systems,” said Alec Main, Cloakware’s CTO. “Federal organizations require solutions that meet the security and efficiency challenges of managing unattended and administrator passwords that contribute to quantifiable and verifiable compliance. Cloakware offers organizations a useful and timely analysis for automating this critical process.”



Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.