Computer Security and Compliance in the Federal Government


The Federal Information Security Management Act of 2002 requires federal agencies to report on the state of their information security. The United States Office of Management and Budget released a reporting tool called CyberScope in 2009 to assist these agencies in meeting FISMA reporting requirements. CyberScope attempts to correct previous deficiencies and streamline the FISMA reporting process. BeyondTrust offers products that allow organizations to comply with these requirements.

Overview

Continuous monitoring is a process that detects compliance issues with an organization’s IS environment. The United States Department of State performs continuous monitoring on its network of 40,000 computers and 5,000 routers, which support 285 posts throughout the world. It uses the Risk Scoring Program to monitor an information system and assess its security in ten categories. The system receives a score between one and ten in each category, with one representing the highest level of security and ten representing the lowest level of security. The RSP uses these ten scores to assign a single letter grade to the IT professionals responsible for that system, with “F-” being the worst grade and “A” being the best grade. This assessment is performed at least once every two days.

The continuous-monitoring model of the RSP provides IT professionals with their degree of risk, and it also encourages a sense of competition with their peers. The State Department reports that its RSP has reduced the risk of its domestic systems by 83 percent and that of its foreign systems by 84 percent since 2008. The OMB has also implemented a security dashboard to complement CyberScope’s automated reporting capability. This dashboard helps to ensure that CyberScope submits its reports in a timely manner.

CyberScope uses the Internet to collect reports on IT security from federal agencies. This represents a fundamental change in the IT reporting method, which agencies previously performed on paper. CyberScope currently has about 600 agency staff members who access this system through a standard interface by logging in with a personal identity verification and personal identity number. Users then enter live data and transmit it in a standard format to the OMB. The OMB then compiles this information and generates reports, which it transmits to other agencies according to FISMA requirements.

An information assurance vulnerability alert is a notification of a vulnerability that exists in an operating system or application software. The United States Cyber Command analyzes vulnerabilities on hosts that reside on the Global Information Grid and determines if the Department of Defense needs to issue an IAVA. This practice allows components of the DOD to take the appropriate action to minimize the security threat posed by these vulnerabilities.

The DOD uses three severity categories to classify a weakness in an information system. These categories include CAT I, CAT II and CAT III, with CAT I being the most severe and CAT III being the least severe. Certifying authorities or their designated representatives assign a DOD severity category to a system weakness after considering all mitigating factors.

Requirements

FISMA requires federal agencies to perform the following activities on a recurring basis:

  • Report IS data each month
  • Answer security questions
  • Attend accountability sessions and interviews