New service aims to ease FISMA compliance

NetSec Inc. today announced a service to help agencies meet the requirements of the Federal Information Security Management Act.

The Herndon, Va., company provides managed security services to nine Cabinet agencies. The new FISMA Enterprise Tracking and Reporting service (FISMA ETR) makes information already managed by other NetSec services available to reporting tools, company president Ken Ammon said.

"We have seen an enormous amount of our clients' security resources consumed with the process of reporting on FISMA," Ammon said.

The service creates a workflow across an enterprise for stovepipe data repositories and reporting tools.

Two significant requirements under FISMA are tracking progress in certifying and accrediting systems and reporting on plans of action and milestones for correcting security weaknesses that have been identified as deficiencies under the Office of Management and Budget's guidelines.

FISMA ETR automates these processes, Ammon said.

The service can be accessed through the same Web portal used for NetSec's managed services, or it can be bought as a standalone service. The company is promoting the cost-efficiency of subscribing to a service over developing or implementing an application.

The product could be deployed at the agency level or bureau level, giving smaller offices the ability to report information up to senior officials.
The FISMA tool is government-specific "but at its core is compliance and visibility," Ammon said. It can be modified to meet regulatory and other requirements for other markets.

The service is available now. Ammon said the company is finalizing contracts for the service with two federal agencies.