The E-Government Act of 2002, passed by Congress and signed into law in December 2002, recognizes the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA), requires agencies to:

Follow specific standards to categorize all information and information systems collected or maintained by, or on behalf of, each agency, using defined risk criteria
Maintain an inventory of information types and information systems
Ensure that minimum information security requirements (i.e., management, operational, and technical controls) are in place for the information and information systems in each such category
Periodically test and evaluate information security controls and techniques to ensure that they are effectively implemented


FIPS Publication 199 addresses the first task cited, to develop standards for categorizing information and information systems. NIST SP 800-53 provides guidance on the minimum control requirements for each category of information and information systems. While FIPS 199 and SP 800-53 provide much guidance and useful process information, federal agencies are still challenged to automate their FISMA compliance tasks as fully as possible within their resource and budget constraints.
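The FIPS 199 categorization the paragraph refers to follows a mechanical rule, the high water mark, that is easy to get wrong once a system hosts several information types with different impact values. The script below is an added example, not Rsam product code and not text from FIPS 199 or SP 800-60; it goes slightly beyond the paragraph by also applying the FIPS 200 high water mark across the three objectives to obtain the single impact level that selects an SP 800-53 baseline. The information types and their impact values are constructed for illustration.

```python
"""FIPS 199 security categorization with the high-water-mark rule.

Added worked example; not Rsam product code and not text from any NIST
publication. The information types and impact values used as input are
constructed for illustration and are not taken from SP 800-60.
"""
from dataclasses import dataclass

# FIPS 199 impact values, ordered. "not applicable" is permitted only for
# the confidentiality objective of an information type, never for a system.
IMPACT_ORDER = {"not applicable": 0, "low": 1, "moderate": 2, "high": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type with its FIPS 199 security category."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def impacts(self):
        return {o: getattr(self, o) for o in OBJECTIVES}


def validate_info_type(t):
    """Reject unknown impact values and misuse of 'not applicable'."""
    for obj, value in t.impacts().items():
        if value not in IMPACT_ORDER:
            raise ValueError(f"{t.name}: unknown impact value {value!r} for {obj}")
        if value == "not applicable" and obj != "confidentiality":
            raise ValueError(f"{t.name}: 'not applicable' is only allowed for confidentiality")


def _highest(values):
    return max(values, key=IMPACT_ORDER.__getitem__)


def categorize_system(info_types):
    """Return the FIPS 199 security category of a system.

    For each objective the system's potential impact is the highest value
    among the information types it carries (the high water mark). A system
    never gets 'not applicable': FIPS 199 sets a floor of low because the
    system's own processing functions and data must still be protected.
    """
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    for t in info_types:
        validate_info_type(t)
    sc = {}
    for obj in OBJECTIVES:
        highest = _highest(t.impacts()[obj] for t in info_types)
        sc[obj] = "low" if highest == "not applicable" else highest
    return sc


def overall_impact(sc):
    """FIPS 200 high water mark across the three objectives. This single
    level (low/moderate/high) selects the SP 800-53 control baseline."""
    return _highest(sc[o] for o in OBJECTIVES)


def format_sc(label, sc):
    """Render in FIPS 199 notation, e.g.
    SC payroll = {(confidentiality, MODERATE), (integrity, MODERATE), (availability, LOW)}"""
    body = ", ".join(f"({o}, {sc[o].upper()})" for o in OBJECTIVES)
    return f"SC {label} = {{{body}}}"


# Constructed sample: three information types hosted on one hypothetical system.
SAMPLE_TYPES = [
    InfoType("public web content", "not applicable", "moderate", "moderate"),
    InfoType("routine administrative", "low", "low", "low"),
    InfoType("personnel records", "moderate", "moderate", "low"),
]

if __name__ == "__main__":
    for t in SAMPLE_TYPES:
        print(format_sc(t.name, t.impacts()))
    system_sc = categorize_system(SAMPLE_TYPES)
    print(format_sc("sample system", system_sc))
    print("overall impact / SP 800-53 baseline:", overall_impact(system_sc))
```

Note that the availability of the sample system comes out moderate even though the most sensitive information type (personnel records) rates availability low: the high water mark is taken per objective, not per information type, so the public web content drives availability while personnel records drive confidentiality.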

Rsam's mature, flexible solution provides a centralized, web-enabled platform to categorize all information systems, assess their controls based on their risk and information classification levels, and record the related documentation. Rsam comes pre-populated with FISMA content: FIPS 199 / SP 800-60 security categorization content, NIST SP 800-53 Rev. 2 controls at the agency and system level, test objectives and methods from NIST SP 800-53A, and data capture for System Security Plans. Built-in import maps support scanners such as Nessus, Qualys, Foundstone, AppScan, WebInspect, and Fortify, along with other pre-defined forms, which your organization can further customize to match its specific scope of assessment. Rsam's foundation services, powered by Risk Analytics, allow organizations to automate and manage findings and timelines; define and oversee certification and accreditation processes and workflow; trigger notifications and reminders; and schedule and launch assessment cycles related to FISMA compliance.


Rsam helps automate and manage cumbersome FISMA compliance activities such as:
Create a risk inventory of all systems and compliance targets
Determine security categorization
Document common controls and integrate them into system assessments
Conduct risk assessments
Record POA&Ms (plans of action and milestones) for remediation at the control, system, or organizational level
Develop system security plans, including lists of interconnected systems and designated contacts
Perform control testing using a library of NIST SP 800-53A test objectives and methods
Track scanned vulnerabilities and remediation plans
Analyze all the data
Generate out-of-the-box reports and dashboards
Stay on top of compliance activities by automating reminders and alerts to the appropriate stakeholders, and more