« Compliance Driving Log Management Into the DataCenter | Main | Preventing data breaches is hard; detecting them later can be harder »

NIST Expert Says Legacy Systems Must Be FISMA Compliant Within 1 Year

Legacy systems are expected to be in compliance with NIST within 1 year of the publication date, according to Dr. Ron Ross of NIST in his presentation today about FISMA Compliance. And that is not all! Systems under development are expected to to be in compliance immediately upon deployment.

We sponsored a Government Computer News webcast on FISMA Compliance this morning with Dr. Ross to record attendance! (Over 900 people signed up!)

Ross went through FISMA guidelines, cleared up misconceptions on FISMA Compliance, and made recommendations for sound strategies to to get compliant with FISMA in short order.

Three key takeaways:

"Successful FISMA Implementation demands that organizations adopt an "enterprise-wide" Security Strategy"

"Common controls must be continuously monitored with results shared with all information system owners"

"Continuous Monitoring; Facilitates annual FISMA reporting requirements"

Log Management and Intelligence delivers FISMA Compliance in minutes. Our just announced FISMA Compliance and Control Suite helps government agencies verify that information security policies are being followed, substantially reduce audit time and expense, and achieve FISMA compliance. Out-of-the-box reports and alerts directly map to NIST standards, including NIST 800-53 (security controls) and NIST 800-92 (log management), providing an efficient, easy-to-implement solution. Our approach is cost-effective, using all available log data to automate the process of auditing and enforcing policies - and supports 100% of all log-related IT controls as outlined by FISMA. And -- its the first FISMA compliance solution based on log management and intelligence.

Technorati : Compliance, FISMA, LMI, Log Management, LogLogic

Posted January 24, 2007 in Compliance , Log Management & Intelligence , LogMatters , Security | Permalink

Visit loglogic.com

Subscribe to this blog’s feed

• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005
• October 2005
• September 2005

Blogroll

• CynergisTek
• Bruce Schneier
• InfoSecDaily

Compliance

• Continuity Central
• Compliance Pipeline
• SOX Compliance Journal
• Sarbanes-Oxley 101

Good Reading

• Log Management ROI
• Log Management Best Practices
• SANS Institute Log Management White Paper

LogLogic

• O’Reilly
• Anton Chuvakin
• LogLogic.Com
• Jian Zhen

LogLogic Partners

• Juniper Networks
• ONStor
• Counterpane
• Bluecoat

Sites We Watch

• The Merc
• CRN
• IT Architect
• The Reg
• Security Focus
• Slashdot
• TechWeb
• SANS
• C/Net
• CIO Insight
• InformationWeek
• Jamie Lewis - Burton Group
• eWeek
• IT Manager's Journal
• MIT Magazine
• VNU