FISMA, NIST and FIPS Compliance Solutions

SecureWorks offers a full breadth of services to help federal agencies and their affiliates in their FISMA compliance efforts. As one of the leading providers of security services, we have strong experience partnering with federal agencies and we can help you improve your security controls in accordance with NIST guidance and FIPS requirements.

Managed Security Services
SecureWorks’ Managed Security Services provide critical security controls to protect agency information assets from attack. Aligning closely with NIST SP 800-53 guidance for Recommended Security Controls, our 24x7x365 Managed Security Services support compliance with FIPS 200 requirements and include:

• Full-lifecycle co-management and monitoring of Intrusion Detection and Prevention Systems (IDS/IPS)
• Full-lifecycle co-management and monitoring of Firewall and Gateway appliances
• 24x7 real-time Security Monitoring of logs and alerts by certified security professionals
• Comprehensive Log Management including forensically-sound Log Retention
• On-demand Security Information Management with enterprise-wide security and compliance reporting
• Highly accurate, non-disruptive Vulnerability Scanning for the network perimeter, internal systems and web applications
• Actionable Threat Intelligence with early warning of the latest attacks, vulnerabilities and trends

Professional Services
Delivered by top-quality consultants with deep security and compliance expertise, SecureWorks’ Professional Services provide expert guidance and support for your FISMA compliance efforts. Leveraging strong experience with the NIST SP 800 Series as well as other standards such as ISO, COBIT, PCI DSS, etc., SecureWorks Professional Services can help improve your security posture and compliance with NIST SP 800, FIPS 199 and FIPS 200. Services include:

• Compliance Assessment and GAP Analysis
• Technical Control and Architecture Review
• Penetration Testing
• Risk Assessment
• Incident Handling and Response
• Forensic Investigation
• Risk Management Program Development
• Policy and Procedure Development
• Web Application Assessment
• Security Awareness Training

About FISMA Compliance

Intended to improve information security within the federal government and its affiliated organizations, the Federal Information Security Management Act (FISMA) requires each federal agency to “develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency.” Federal agencies are rated annually based on results of the annual FISMA audit process.

To assist agencies in implementing FISMA, the National Institute of Standards and Technology (NIST) develops and issues standards, guidelines and publications including the NIST Special Publication 800 Series as well as the Federal Information Processing Standards (FIPS). The NIST SP 800 Series provides guidance that federal agencies must follow to secure their information assets. Approved by the Secretary of Commerce and required by FISMA, FIPS 199: Information Systems Security Categorization and FIPS 200: Minimum Information Security Requirements are compulsory and binding for federal agencies – meaning they must be complied with.

Additional Resources

• FISMA Legislation (PDF)
• NIST Computer Security Resource Center
• NIST SP 800 Series of Guidelines and Standards
• FIPS 200 Minimum Security Requirements
• FIPS 199 Standards for Security Categorization
• Government Security and Compliance Solutions