FISMA / NIST 800-53
NetIQ's security and administration products aid Federal organizations with implementing the controls required by NIST SP 800-53 by streamlining their business processes to assure business continuity, improve operational efficiency and maximize security for the IT infrastructures of those organizations. At NetIQ, we develop easy-to-use, modularly integrated security management solutions that assist customers with regulatory and policy compliance while enabling these organizations to secure their IT assets and manage risk.
Business Problem
As mandated by the Federal Information Security Management Act (FISMA) of 2002, NIST created Special Publication 800-53 to provide guidelines on security controls for Federal Information Systems. The risk management framework in 800-53 provides civilian federal agencies with an excellent guide for breaking down FISMA into areas of IT controls which can be implemented as policy and assessed for compliance. To comply, the IT departments of these organizations must implement strategies and processes to:
- Assure service levels, policy compliance and appropriate risk management
- Secure all assets and services
- Reduce the cost and complexity of heterogeneous IT infrastructure management
The NetIQ Solution
NetIQ's award-winning and industry-recognized products can dramatically enhance the protection profile of Federal organizations, and aid chief information officers in complying with the requirements detailed in NIST SP 800-53. Specifically, NetIQ can aid organizations in the areas of:
- Performance Management – Meet service-level commitments, end-user expectations and business-driven IT performance objectives, while reducing your operating costs.
- Security Management – Monitor your diverse security environment, resolve incidents and satisfy log management requirements without consuming all your time and resources.
- Configuration Management – Demonstrate IT compliance with policies and regulations through security configuration management, regulatory mapping and reporting.
- Change Control – Control and audit system changes to assure the integrity of your distributed IT infrastructure through time-based, task-specific permissions management.
- Windows Administration – Delegate and automate administrative tasks to streamline your work, while maximizing your return on Windows and Active Directory.
Key Features
NetIQ products can help you address the key focal areas specified within NIST SP 800-53.
- Manage configuration baselines within the entire organization. NetIQ Secure Configuration Manager enables effective configuration management, from discovering all systems connected to the network, through establishing and managing the baselines across those systems, to identifying where those systems drift from their expected configurations.
- Manage and measure risk at all levels of the organization. NetIQ Secure Configuration Manager measures the level of threats posed by vulnerabilities and compliance exceptions against the importance of managed assets, and provides powerful metrics to illustrate risk on a system-by-system as well as a group-by-group basis. The NetIQ Risk and Compliance Center solution provides service-level assurance by measuring and managing operational risk in the organizational environment. Its flexible architecture allows companies to render key risk metrics, via a weighted risk score, quantifying the security posture of an asset at a given point in time.
- Secure assets within the organization. NetIQ Security Manager monitors heterogeneous security controls throughout the organization, allowing organizations to be proactive rather than reactive in their security management by enabling fast identification of potential and existing threats, and providing detailed and accurate security knowledge to staff to enable quick remediation and reduce exposure times.
- Provide secure and automated management and audit of changes to your Windows environment, leading to further compliance with regulatory mandates. NetIQ's Security Administration Suite products help you manage information access by managing Active Directory permissions for user accounts, groups and computer accounts, controlling file and folder permissions throughout the file system and monitoring changes to Group Policy permissions in real time. Real-time monitoring and audit of changes to Active Directory are provided through NetIQ Change Guardian for Active Directory, along with detailed reporting on changes for auditors and management.

