Security Compliance An Issue For Government And Businesses - InformationWeek


NetIQ introduces templates for its Security Compliance software suite to help government agencies tackle access control, audit and accountability, configuration management, and identification and authentication.

Compliance with the Federal Information Security Management Act, or FISMA, is one of the most daunting challenges that government chief information security officers face this year. Part of the 2002 E-Government Act, FISMA requires each federal agency to develop, document, and implement comprehensive information-security policies and practices to deal with security threats that concern government entities and businesses alike.

Knowing that federal IT security managers are devoting an increasing amount of time and resources to comply with FISMA, systems and security management vendor NetIQ Corp. on Monday introduced FISMA-specific templates for its Security Compliance software suite. The four templates tackle access control, audit and accountability, configuration management, and identification and authentication, automating the IT security-auditing process for federal agencies now required to submit security-related systems assessments annually to the White House's Office of Management and Budget. The templates produce reports for security managers that indicate their IT systems' level of compliance and ways in which they can improve their compliance scores.

NetIQ based the templates on the SP800-53 guidelines from the National Institute of Standards and Technology, or NIST. Finalized in February, SP800-53 outlines the management, operational, and technical safeguards necessary to comply with FISMA. The new templates expand NetIQ's existing library of policy templates, which already covers the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, ISO 17799, and Center for Internet Security benchmarks.

NetIQ's template technology replaces more laborious security auditing processes, says Bill Bergman, data security manager for Omnicare Clinical Research, a provider of new drug development and marketing services to pharmaceutical companies. Although Omnicare won't use the new FISMA templates, the company recently implemented NetIQ's Vulnerability Manager and Security Manager software to help comply with Sarbanes-Oxley and HIPAA.

The templates provided by the Vulnerability Manager and Security Manager products pre-define the way a server should be configured to comply with, for example, Sarbanes-Oxley's minimum requirements and point out any configurations that are out of compliance. "It takes the burden of building these templates off of us," Bergman says. Previously, "we had to log on and go through the various settings on each machine to check compliance."

FISMA is structurally similar to Sarbanes-Oxley in that organizations are required to ensure that appropriate security controls are in place, that IT configurations are secured, and that IT organizations adhere to best practices, says Greg Davoll, NetIQ group product manager of security management solutions. "The sense of urgency is great around FISMA because the agencies understand that this isn't going away, and there's an expectation their compliance will improve over time," he adds.

This sense of urgency is apparently resonating with federal chief information security officers. The top three security concerns of federal CISOs include network compromise, patch management, and FISMA compliance, according to an August report issued by systems integrator Intelligent Decisions Inc. The report also found that federal CISOs this year are spending 23% more time on FISMA compliance reporting than they were a year ago. Agencies including the Homeland Security Department have already come under fire from the Government Accountability Office, Congress' investigative arm, for their inability to protect their data and IT systems.
