What is FISMA Compliance?
Signed into law in 2002, the Federal Information Security Management Act (FISMA) establishes a set of security guidelines that help to reduce the security risk to federal data. FISMA regulations apply to all agencies within the U.S. federal government, some state agencies, and any private sector organization in a contractual relationship with the government. The National Institute of Standards and Technology (NIST) is the agency responsible for developing the security standards and guidelines necessary for FISMA implementation.
Federal Information Security Management Act Compliance Requirements:
FISMA guidelines cover topics including information system inventory, risk categorization, system security plans, security controls, risk assessments, certification and accreditation, and continuous monitoring.
One of the most popular and robust NIST publications set forth in accordance with FISMA is NIST SP 800-53, “Recommended Security Controls for Federal Information Systems and Organizations.” This publication is used by organizations subject to FISMA regulations for establishing and maintaining best practices regarding information security.
Evaluation of compliance is reported annually to the Office of Management and Budget (OMB), and each agency’s FISMA Report Card is available to the public. Penalties for non-compliance include censure (public reprimand) by Congress, reduction in federal funding, and negative publicity stemming from the public FISMA Report Card, congressional censure and subsequent media coverage.
Managed File Transfer and FISMA Compliant File Transfer
Ensuring that file transfers performed under the guidelines of FISMA are secure is an essential step towards FISMA and NIST compliance. Several of the NIST SP 800-53 controls can be addressed through the GoAnywhere managed file transfer solution, including:
Data protection and encryption during file transfer processes
Access control to limit data access to only those who need it
Auditing and reporting to efficiently provide data needed for annual FISMA audits
"Because GoAnywhere was so simple to implement and configure and the documentation was more than sufficient, we saved the additional costs of implementation services. The competing solutions required weeks to implement. GoAnywhere was fully installed, tested and put into production in a few days."
Serge Arnone, IT Manager, IDB Swiss Bank Ltd
How the Federal and Public Sectors Use GoAnywhere MFT
Adams County, the fifth-largest county in Colorado, discovered a streamlined, consistent way to automate its file transfers between internal systems, external systems, and trading partners with GoAnywhere MFT.
To facilitate a payroll project, the team in Adams County started using GoAnywhere's run-time mode to verify that files are correct before going out. As soon as the files are approved by staff, they're sent out with the click of a button.
The City of Modesto needed a secure way to meet their trading partners' requirements. With GoAnywhere MFT, they were able to quickly address their need to submit data to CalPERS (California Public Employee Retirement Systems).
The State of Maryland's Department of Labor, Licensing, and Regulation (DLLR) needed to securely automate their native processes on the IBM i. Discover how GoAnywhere MFT allowed the development staff to return to their regular development tasks.
When the county clerk’s office stopped accepting paper documents, the Public Defender’s Office - 4th Circuit found GoAnywhere MFT, a solution that reduced employee workloads, improved collaboration, and satisfied compliance requirements for web service connections and e-filing.