FISMA Web Hosting Compliance – 8 Guidelines … Plus Some Jokes

FISMA, or the Federal Information Security Management Act, became law in 2002 as a piece of the E-Government Act. The basic idea behind the act is to ensure the security of information handled by a federal agency. Supposedly one or another of the branches of the federal government is in possession of important and sensitive information that another nation or organization might want to see – who knew?

We are FISMA-compliant. That essentially means that we can work with government agencies and other organizations that handle government information. A couple of similar forms of compliance that we have in place are HIPAA, allowing us to work with healthcare companies, and PCI, allowing us to work with any company or organization accepting payments by credit card online.

More important than which companies we can take on as clients, though, is what our various compliances and certifications say about our company. We are dedicated to passing every test out there, not just to establish broad international credibility, but also because it allows us to test our standards and security protocols. Undergoing the numerous rigorous crosschecks of these standards makes our infrastructure stronger – or at least gauges its strength and gives us a better sense of any potential problems that need to be addressed.

Below, we will look at what FISMA is all about. Also, as with my previous two articles on PCI and HIPAA, let’s take a look at a few of the newer standardization acronyms that are becoming more popular (so we can all stay ahead of the curve). Here is the first of those:

Up & Coming Standards Acronyms: CHSC Hootenanny Standards

The Country Hootenanny Standardization Consortium (CHSC), which determines standards for square dancing and instruments such as the fiddle and banjo and jug, releases a set of standards each year to ensure that hootenannies never go out of style. Here are the new 2013 additions to the standards manual:

  • No more R. Kelly covers
  • No huffing gasoline out of the jug while playing it
  • No dirty square dancing
  • Hands and feet must be showing at all times, whereas elbows and knees are still free to go wherever they please.

FISMA Security Protocol – 8 Guidelines

The following are the basic rules established by FISMA. As you will see, these are very simple and broad guidelines, but they will give you a general sense of what’s involved with compliance:

  1. Reviews/Checks – On a regular basis, the agency or organization that is compliant with FISMA will assess risk, specifically the types and amounts of damage that a breach in security would cause.
  2. Adaptable Policy – Policy should be in place that adapts to the results of those reviews. The policy should determine budget-conscious ways (for government bodies) to bring any security risks within allowable parameters. Security of information should be sustained throughout the entire time that an information database, system, or network is active.
  3. Specific plans should be in place for each electronic system or systemic component in use at a particular organization. Particular rules and guidelines pertaining to networks, facilities, and information systems should be delineated.
  4. Training should occur so that the workforce, and anyone working within the system on a contractual basis, is completely aware of FISMA and the risks associated with breaches of the data contained within the system.
  5. Once new sets of policies and controls are implemented, a timetable for further reviews should be set. The regularity of reviews should depend on the extent of risk shown by the first review (and similarly moving forward); at minimum, reviews should be conducted once per year.
  6. The process to plan, change, assess, and record any efforts to adapt the systems should itself be on record.
  7. A system should be in place to determine when a security problem is occurring, to notify appropriate personnel, and to combat it effectively.
  8. Plans should be in place to allow information systems that protect and secure data to run continuously, without interruption.

Up & Coming Standards Acronyms: Eating & Drinking Spillage Standard

Another acronym that has become much more prevalent in the last six months comes from the people of the consumption industry. The Eating & Drinking Spillage Standard (E&DSS) provides guidelines that make it less likely that people will spill anything when they are enjoying a meal, snack, or beverage. Basic parameters of the standard allow all who are compliant to waste less of their drinks and treats, as follows:

  • No consumption on the Tilt-a-Whirl
  • Never share food or beverages – keep them close to your body at all times
  • Adhere to the five-second rule (it’s not spillage, technically, until the sixth second)
  • Throw away anything crumbly – such as crackers and some cheeses. Cheese-and-cracker platter zealots are just asking for trouble.

Conclusion

That should give you a basic sense of the guidelines created by FISMA. FISMA is, in a nutshell, an effort to develop across-the-board guidelines for the entire federal government, agencies using federal information, and/or those that have federal clients. As established above, FISMA is just one of the various certifications we have in place at Superb Internet. Here are our hosting packages as well. If you have any additional game-changing acronyms that are just now becoming popular, please let us know in the comments.

by Kent Roberts and Richard Norwood