FISMA News

Tripwire Launches FISMA Compliance Support to Leading Configuration Assessment Solution

(Feb 05, 2008)--"Tripwire offers government agencies -- and the companies who contract with them -- two things they badly need: compliance and security." Said Sean Sherman, a FISMA expert for Tripwire on the release of Tripwire's FiSMA Compliance Support to Leading Configuration Assessment Solution

"Crucially, it does it in a cost-effective, time-efficient manner that cuts the red tape and keeps agencies under budget." continued Sherman.

Strong security engenders trust, and engendering trust is mission critical for any government agency. Since the enactment of the Federal Information Security Management Act (FISMA) in 2002, government agencies and private contractors who work with them have sought efficient, reliable ways to prove FISMA compliance and to guarantee beyond the shadow of a doubt that their systems are secure. More than 400 government agencies have purchased Tripwire, the leader of configuration audit and control software solutions, to help them achieve and maintain a known and trusted state.

Proving FISMA compliance can be a tedious, manual process, with agencies using many different methods to compile the required security data. The process is not only inefficient, it can also be disorganized, not allowing for information to be gathered and compared in one place, leading to "spreadsheet chaos" and mounting costs that leave little time for analysis. Not surprisingly, many agencies have a hard time achieving and maintaining compliance: In a survey released in 2005 by Cisco, 35 percent of federal agencies said they would be less than 50 percent compliant in meeting FISMA's configuration management objectives. While officials say there is "slow but steady" improvement in FISMA compliance, only 24 agencies received a grade of C- or higher in 2006.

Tripwire's software and service solutions help government agencies achieve more than a passing grade: it also helps them achieve and maintain a known and trusted state. Tripwire Enterprise is the first and only solution to effectively combine change auditing with configuration assessment -- ensuring the known and trusted state is preserved -- by leveraging industry standards and benchmarks (including, but not limited to, FISMA) to ensure they comply with internal and external policies.

Tripwire helps customers achieve a known and trusted state by proactively testing and assessing systems against out-of-the-box policies to ensure they comply with internal and external policies. Tripwire leverages industry standards, specifically benchmarks from the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), as well as the Defense Information Systems Agency (DISA). These benchmarks include thousands of configuration assessments enabling automatic, sustainable policy compliance testing for FISMA.

Tripwire then maintains the integrity of all systems by identifying and validating all changes to ensure configurations remain in a known and trusted state. Tripwire does this by establishing a secure baseline to measure change against, then monitoring against that baseline through ongoing, tunable change detection. The time and resources invested demonstrating the effectiveness of security controls are reduced. Compliance is not just achieved but continuously maintained, and security risks are mitigated.

Tripwire can by found in 14 of 15 federal cabinet level agencies including the Departments of Agriculture, Interior, Commerce, Justice, Defense, Labor, Education, State, Energy, Transportation, Treasury, Homeland Security, Veteran Affairs, and Health & Human Services.

Share or bookmarklet this web page at: