Security Measures
Steps to FISMA compliance:
- Gain executive support for your security program.
- Develop an enterprise-wide information security game plan.
- Identify one person or team responsible for ensuring FISMA compliance.
- Make sure your security leader has vision and can devise a long-term plan. This person should be aggressive when necessary: able to negotiate, secure buy-in and get budget approval.
- There is no silver bullet. Instead, it's about employing a methodical, risk-based, cost-effective approach.
- Set policies for the configuration of each component in the architecture.
- Establish a baseline configuration for the most widely used technologies.
- Conduct compliance testing of select components to ensure that the policies and standards are being implemented.
- Keep constant tabs on inventory: which systems are certified, how systems are classified, the progress of software and hardware asset management, etc.
- Share security best practices with other agencies.
- Use network compliance tools, commercial vulnerability scanning software, enterprise security portals and vulnerability remediation tools.
- Don't be overwhelmed by the complexity of the information security issue. Take it one step at a time and build on small successes.