Three Steps to Acing Your Next FISMA Audit

April 7, 2016


Acing a FISMA Audit

The Office of Management and Budget (OMB) released their latest report to Congress last month. According to the Federal Information Security Modernization Act’s (FISMA) Annual Report to Congress, during FY 2015, Federal agencies reported 77,183 cybersecurity incidents, a 10% increase over the 69,851 incidents reported in FY 2014.

The Federal government has taken unprecedented steps toward updating its IT infrastructure and bolstering cybersecurity in the last several months through the Consolidated and Further Continuing Appropriations Act, 2015 (P.L. 113-235), and the FY 2017 President’s Budget proposal for a $17 billion investment in resources for cybersecurity. Despite those efforts, the OMB report reveals a trend – there’s still a coverage gap in two critical areas of agencies’ cybersecurity programs – privileged access management and threat analytics.

FISMA Section 3555 requires the Inspectors General of each agency to evaluate their department’s cybersecurity practices and programs in ten areas. The table below is a summary of findings for 9 of the 10 program areas (excluding ISCM):

[Image: FISMA Audit]

Programs not in place were more prevalent in the areas of configuration management, identity and access management, and risk management, with up to fifteen agencies not having one or more of these programs.

According to Table 14, 30% of agencies have no program in place for Configuration Management, and 26% have no program in place for Identity and Access Management.

The FISMA control families for Configuration Management include requirements for threat analytics, which are described as capabilities that identify deviations from the approved baselines and provide visibility at an enterprise level. For Identification and Authentication (represented in the report as identity and access management), the FISMA requirements include capabilities for strong authentication, multi-factor authentication, and privileged access management. These controls represent a great opportunity for agencies to protect their sensitive data and address the root cause of many recent breaches, including the OPM breach: unauthorized access through methods such as compromised privileged credentials.

Acing Your FISMA Audit With BeyondTrust

This annual report to Congress shows that there is much work to be done to reduce cyber risk to Federal networks. For agencies that are struggling with where to begin, we have developed a quick, 3-step path to improving adherence to FISMA requirements.

Step 1: Implement Privileged Password and Session Management

BeyondTrust PowerBroker Password Safe automates password and privileged session management, providing secure access control, auditing, alerting and recording for any privileged account. By improving the accountability and control over privileged access, IT organizations will reduce security risks and meet compliance requirements.

By combining PowerBroker Password Safe’s privileged password and privileged session management solutions with existing identity and access management tools, agencies can address the requirements for both strong authentication and privileged access management by ensuring privileged credentials are protected.

Step 2: Extend Privileged Access Control to Use Endpoints

BeyondTrust PowerBroker for Windows, PowerBroker for Mac, and PowerBroker for Unix & Linux are least privilege management software products that reduce the risk of privilege misuse on physical and virtual Microsoft Windows and Mac desktops and Unix and Linux servers. By implementing least privilege, agencies can eliminate administrator privileges, simplify the enforcement of least privilege policies, maintain application access control, and log privileged activities. As a result, IT closes security gaps, improves operational efficiency, and achieves compliance objectives faster.

Step 3: Improve Visibility Over Areas That Pose the Greatest Risks

BeyondTrust helps agencies pinpoint deviations from the approved baselines and provide visibility at the organization’s enterprise level. BeyondInsight is an advanced threat analytics platform that enables IT and security professionals to identify the data breach threats typically missed by other security analytics solutions.

BeyondInsight pinpoints specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of BeyondTrust and third-party solutions.

Want to learn more about how BeyondTrust's solutions can help your organization? Download our white paper, Meeting NIST SP800-53 Requirements with BeyondTrust Solutions.


Sandi Green, Product Marketing Manager, BeyondTrust

Sandi Green is the Product Marketing Manager for PowerBroker Password Safe, PowerBroker for Windows, and PowerBroker Mac at BeyondTrust. She has over 20 years of sales and solutions marketing experience with technology companies that served a variety of industries ranging from life sciences, human capital management, consumer packaged goods and most recently IT security. When she’s not following the latest trends in Cybersecurity, she’s busy following college football and basketball. Follow her on Twitter at @SandiGreen3.
