The NetSec FISMA Enterprise Tracking and Reporting (FISMA-ETR) service allows staff from across an agency to track and report their progress against guidelines from the Office of Management and Budget to be compliant with FISMA.
NetSec developed the new service after it saw clients spending enormous amounts of time and duplicating effort on FISMA-related reporting.
"Organizations have been struggling to meet the compliance requirements of this legislation," says Ken Ammon, president and cofounder of NetSec.
The law requires agencies to track their performance in the measurement of the risks of their systems, and to remediate weaknesses when found.
"Much of that is a significant challenge in organizations, where there may be hundreds of systems that need to be tracked and reported on," Ammon says.
The FISMA-ETR service allows various agencies to report and rolls the information up to the head level, which helps to meet strict reporting deadlines.
The key points of an information security plan that complies with FISMA include: assessing risk for each system before it is implemented; certifying and accrediting each system in use; examining system policies and controls; identifying and remediating weaknesses; and obtaining signoff from the person responsible for operating the system that they are comfortable with the system's risks.
For product selection, decisions as to why a particular product is chosen are documented, and products are often tested before being deployed to ensure that they work as advertised. If the accrediting authority charged with accepting the risk is not satisfied, he or she could delay deployment of the new product.
The service is priced at $50,000 for an annual subscription for a single agency, for five seats. Additional seats can be added for $100 each, discounted for volume. Pricing for commercial businesses is approximately the same.