Network Encryption from CipherOptics
 
 
 Company Overview
 Executive Team
 Board of Directors
 Executive Advisory Board
 Newsroom
 In the News
 Tradeshows & Events
 Industry News
 Trophy Room
 Press Releases
 Careers
 Solutions Overview
 Network Encryption
 MPLS Network Security
 Metro Ethernet Security
 International Data Protection
 Network Security & Data Protection
 Disaster Recovery
 Ethernet Encryption
 Point-to-Point Encryption
 Real-time & High-volume Applications
 Secure Information Sharing
 Products Overview
 CipherEngine™
 Security Gateways
 Service Offerings
 Resource Center
 Compliance Overview
 HIPAA Compliance
 Sarbanes-Oxley Compliance
 GLBA Compliance
 CA SB 1386 Compliance
 PCI DSS Compliance
 Basel II Compliance
 FERPA Compliance
 FFIEC Compliance
 ISO 17799 Compliance
 NERC Cyber Security
 Government Overview
 Government Regulations
 FISMA Compliance
 DoD 8100.2 Compliance
 NISPOM Compliance
 DCID 6/3 Compliance
 Government Security News
 10Gig Network Encryption
 Partner Overview
 Strategic Partners
 Resellers
 Technology Partners
 Become a Partner
 Partner Portal Login
 Contact Information
 Web Contact Form
 Support
 
   

Government Solutions

Government Sales
Jim Drain
1-877-258-3034
fedsales@cipheroptics.com
Ask a Quick Question

Our Customers
A few of our government customers
Accreditations
FIPS 140-2 Validated
Environmental Compliance
White Papers
Browse our collection of
white papers and learn how CipherOptics' innovative approach resolves the traditional difficulties of network encryption.
Home > Government Solutions > FISMA Compliance

FISMA Compliance

The goal of The Federal Information Security Management Act of 2002 (FISMA) is to have federal agencies define and architect the required security mechanisms within IT initiatives that support and enforce security planning, testing, and evaluation. Along with FISMA, other applicable laws pertaining to the U.S. government's information technology security program include the Paperwork Reduction Act of 1995 and the Clinger-Cohen Act of 1996, which replaced the Computer Security Act.

How does CipherOptics help?
CipherOptics CipherEngine enables Secure Information Sharing, which assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone, permit by exception. With that as our driving force, our solutions provide you with both encryption and authentication of all your critical information.

We use 256-bit AES encryption that is approved by the government for "sensitive but unclassified" information; our solutions authenticate networks and packets, as well as, protect data. Using the robust secure hash algorithm (SHA-1) to verify the integrity of the data, rejecting any packets that have been manipulated or altered.

FISMA security compliance requires a layered approach to network and data security. CipherOptics is an important component of this comprehensive security strategy. By protecting confidential data in motion, CipherOptics dovetails with perimeter security and ID management for best practices and FISMA regulatory compliance.

What does CipherOptics do?
CipherOptics is the leader in network-wide encryption. Offering an innovative policy and key management solution, coupled with high speed, low latency encryption technology, CipherOptics helps their customers mitigate the risk of data leakage, loss and theft over any network.

Who is affected by FISMA?
Federal agencies, contractors, and any other company or organization that uses or operates an information system on behalf of a federal agency must comply with FISMA regulations. In other words, FISMA also affects many companies that do business with government agencies.

What are the requirements of FISMA?
The FISMA compliance process for an information system involves eight steps, from determining the boundaries of the system, through implementing security controls and conducting risk assessments, to certification and accreditation of the system, and ending with continuous monitoring.

Title III of the act deals with the information security aspect of this process. It defines the critical information security objectives as:
  • Integrity - "guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity";
  • Confidentiality - "preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information"; and
  • Availability - "ensuring timely and reliable access to and use of information"

What are the penalties for FISMA non-compliance?
In contrast to prior regulatory efforts, FISMA includes significant penalties for non-compliance. Congress publicly publishes an agency's compliance scorecard, and CIOs of low-performing agencies may be asked to explain before Congress why they scored poorly. Perhaps most importantly, FISMA has substantial budget-related penalties associated with non-compliance.

How do agencies comply with FISMA?
Though scores vary from agency to agency, compliance has been a challenge overall. In both 2004 and 2005, federal agencies received an overall FISMA grade of D+ for IT security.

FISMA explicitly emphasizes a risk-based and cost-effective approach to securing information and system, to identifying and resolving current IT weaknesses and risks, and to protecting against future vulnerabilities and threats. An agency must understand its security posture and close the gaps.

A layered, reliable security solution is a necessity to address the requirements of FISMA compliance. The foundation of a layered security architecture is protection of data in motion and at rest. Robust data protection solutions support FISMA's information security objectives of data integrity, confidentiality, and availability.

Helpful Resources
Full text of FISMA
 
Copyright 2002-2008 CipherOptics, Inc. | All rights reserved | 1-877-878-6655
Trademark and Legal Notices | Privacy Policy | Site Map