FISMA Compliance for File Transfers

What is FISMA Compliance?


Signed into law in 2002, the Federal Information Security Management Act (FISMA) establishes a set of security guidelines that help to reduce the security risk to federal data. FISMA regulations apply to all agencies within the U.S. federal government, some state agencies, and any private sector organization in a contractual relationship with the government. The National Institute of Standards and Technology (NIST) is the agency named as responsible for developing the security standards and guidelines necessary for FISMA implementation.

Federal Information Security Management Act Compliance Requirements:

FISMA guidelines cover topics including information system inventory, risk categorization, system security plan, security controls, risk assessments, certification and accreditation, and continuous monitoring.

One of the most popular and robust NIST publications set forth in accordance with FISMA is NIST SP 800-53, “Recommended Security Controls for Federal Information Systems and Organizations.” This publication is used by organizations subject to FISMA regulations for establishing and maintaining best practices regarding information security.

Evaluation of compliance is reported annually to the Office of Management and Budget (OMB), and each agency’s FISMA Report Card is available to the public. Penalties for non-compliance include censure (public reprimand) by Congress, reduction in federal funding, and negative publicity stemming from the public FISMA Report Card, congressional censure and subsequent media coverage.

Managed File Transfer and FISMA Compliant File Transfer

Ensuring that file transfers performed under the guidelines of FISMA are secure is an essential step towards FISMA and NIST compliance. Several of the NIST SP 800-53 controls can be addressed through the GoAnywhere managed file transfer solution, including:

Data protection and encryption during file transfer processes

Access control to limit data access to only those who need it

Auditing and reporting to efficiently provide data needed for annual FISMA audits

"Because GoAnywhere was so simple to implement and configure and the documentation was more than sufficient, we saved the additional costs of implementation services. The competing solutions required weeks to implement. GoAnywhere was fully installed, tested and put into production in a few days."

Serge Arnone, IT Manager, IDB Swiss Bank Ltd

How the Federal and Public Sectors Use GoAnywhere MFT

Adams County, Colorado

The fifth largest county in Colorado, Adams, discovered a streamlined, consistent way to automate their file transfers between internal systems, external systems, and trading partners with GoAnywhere MFT.

To facilitate a payroll project, the team in Adams County started using GoAnywhere's run-time mode to verify that files are correct before going out. As soon as the files are approved by staff, they're sent out with the click of a button.
