ADVICE+DISSENT: Managing Technology Security Measures

Steps to FISMA compliance:

  • Gain executive support for your security program.
  • Develop an enterprisewide information security game plan.
  • Identify one person or team responsible for ensuring FISMA compliance.
  • Make sure your security leader has vision and can devise a long-term plan. This person should be assertive when necessary: able to negotiate, secure buy-in and get budget approval.
  • Recognize that there is no silver bullet. Compliance comes from a methodical, risk-based, cost-effective approach applied consistently over time.
  • Set policies for the configuration of each component in the architecture.
  • Establish a baseline configuration for the most widely used technologies.
  • Conduct compliance testing on a representative sample of components to verify that the policies and baseline standards are actually implemented, not just documented.
  • Keep constant tabs on inventory: which systems are certified, how systems are classified, the progress of software and hardware asset management, and so on.
  • Share security best practices with other agencies.
  • Use network compliance tools, commercial vulnerability scanning software, enterprise security portals and vulnerability remediation tools.
  • Don't be overwhelmed by the complexity of the information security issue. Take it one step at a time and build on small successes.
