Elemental Security, Inc., the award-winning pioneer of new technology in enterprise information security, today announced a new policy framework to help federal government organizations measurably improve their compliance with the Federal Information Security Management Act (FISMA).
Based on the U.S. Government’s implementation resource guide – the National Institute of Standards and Technology (NIST) “Recommended Security Controls for Federal Information Systems” (Special Publication 800-53) – Elemental’s new policy framework helps organizations adhere to FISMA best practices for network access control and automated security policy management, as well as for systems and software inventory classification as defined in the NIST document “Standards for Security Categorization of Federal Information and Information Systems” (FIPS Publication 199).
According to Gartner, Inc., “Government organizations that are required to meet FISMA compliance should use [compliance] as a control framework … and for asset clarification. Use compliance as an opportunity to improve operational security not only by defining assets and documenting the current state of the organization, but also by implementing control objectives that drive effective risk analysis and management.” Moreover, “Organizations should use compliance as an opportunity to implement technologies and processes that improve operational security as well as provide support for FISMA and FIPS 199 compliance.” (Note 1)
Available later this month, Elemental’s FISMA policy is the newest regulatory policy framework available in Elemental’s policy and risk management product, the Elemental Security Platform (ESP). ESP helps government organizations classify systems as defined in FIPS Publication 199 by continuously monitoring the configuration, inventory, and networking activity of machines on the network. This enables security administrators to target and automatically provision their policies based on the classification and behavior of systems. Additionally, as changes in the classification, behavior, or compliance of hosts are observed, ESP automatically adjusts policy deployments accordingly.
ESP continuously monitors policy compliance and reports on changes that impact an organization’s security compliance metrics and risk posture. ESP addresses FISMA requirements in the following ways:
• Provides unmatched transparency into the network by gathering an extensive array of system configuration, inventory, and network traffic information;
• Dynamically classifies and groups systems;
• Automates security policy deployment, providing a continuous and accurate measure of compliance, as well as over-time trending information;
• Mitigates risks through automated remediation of security exposures and vulnerabilities;
• Delivers integrated host-level access controls that are aligned with business processes and the roles of users, systems, and applications; and
• Enables risk assessment based on discovery of new and existing threats, and by continuously gathering information from systems to understand their compliance, business purpose, security posture, and activity.
“With a FISMA policy framework based on rules from NIST assuring rigorous protections affecting host-level security, NAC and asset classification, Elemental has developed a comprehensive policy framework helping customers in their FISMA-related efforts,” said Elemental Chief Marketing Officer Roy Agostino. “Customers recognize the power and flexibility of the Elemental Security Platform, and have come to us requesting a FISMA policy set. They know that a policy set from Elemental, due to our unique visibility, automation and host-level security, is differentiated from other solutions in the industry. We are pleased to announce this month’s availability of the Elemental FISMA policy framework to help meet current and future federal government customers’ needs.”
Elemental’s award-winning product is the world’s only security policy system built from the ground up to make the state and activity of users and computers fully transparent, enabling customers to directly translate their business objectives into specific policies for all users and systems on their networks. Elemental unifies policy management, host configuration, inventory/discovery and role-based access control in one seamlessly integrated offering. Using Elemental, security administrators can easily assess the security posture of machines and networks, and make proactive decisions about managing risk.
Security policy and compliance management continue to be top priorities due to the increasing frequency and severity of security breaches, and regulations such as Sarbanes-Oxley (SOX), the Payment Card Industry (PCI) Data Security Standard, the Health Insurance Portability and Accountability Act (HIPAA), and FISMA.
Elemental is an industry leader in enterprise policy and risk management. Using its award-winning Elemental Security Platform (ESP), organizations can directly translate their business objectives into specific policies for all users and systems on their networks. For the first time, enterprises can use a single product to obtain measurable and comprehensive metrics for their security policy needs and compliance requirements. Founded in December 2002, Elemental is a privately held company backed by Bessemer Venture Partners, Mayfield, Sequoia Capital and Lehman Brothers Venture Partners. Red Herring and AlwaysOn awarded the company their annual awards for the top private companies. Elemental was also named the “Most Innovative” company at the RSA Conference 2006, and earned 2006 “Private Security/Start-up to Watch” honors from Red Herring and Network World. The company is headquartered in San Mateo, Calif., and has offices throughout the U.S.
Elemental and the Elemental Security Platform, among others, are trademarks or registered trademarks in the United States and certain other countries of Elemental Security, Inc. Additional company and product names may be trademarks or registered trademarks of other individual companies and are respectfully acknowledged.
Note 1 – Gartner, Inc., “Findings From ‘Security and Risk’ Meeting: Augment FISMA Reporting with Technical Controls to Improve Operational Security,” Amrit T. Williams, John Pescatore, April 4, 2006.