Define: Federal Information Security Management Act of 2002?
The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
Top FISMA Companies and Solutions
This article showcases Threat.Technology’s top picks for the best FISMA solutions. We selected these companies for exceptional performance in one of these categories:
- Innovative ideas
- Innovative route to market
- Innovative product
- Exceptional growth
- Exceptional growth strategy
- Societal impact
CLEAR, the secure identity company, uses biometrics to build a connected world that’s smarter and more secure. It links identity with different information sets, including credit cards, tickets to the game, reservations, frequent flyer numbers, flight manifests, health care identification, driver’s licenses, and passports.
CLEAR’s data security framework meets the highest standards for performance and for protecting sensitive information, being FISMA High- and SAFETY Act-certified by the Department of Homeland Security. CLEAR’s users are always in control of their data, and CLEAR does not sell user information.
CLEAR was founded by Caryn Seidman-Becker and Ken Cornick in November 2010 and is based in New York, United States.
Xceedium is a leading provider of zero-trust privileged access management solutions. Xceedium products are used by large enterprises and global government agencies to meet stringent security and compliance needs.
Its technology allows organizations to control access to their networks based on who the user is, and contains the user to explicit resources, which eliminates the risk of allowing untrusted third parties and privileged users on their networks. The company’s technology secures and enforces policies for the privileged user and application-to-application passwords.
Coupled with cutting-edge monitoring capabilities, Xceedium enables commercial and government organizations to address and prove compliance with requirements including PCI DSS, FISMA, NIST SP 800-53, HIPAA, and NERC CIP. Xceedium products are FIPS 140-2 Level 2 and Common Criteria EAL4+ certified.
nCircle Network Security
nCircle Network Security, Inc. provides agentless security risk and compliance management solutions.
The company’s products include IP360, the vulnerability and risk management solution that provides reporting, vulnerability prioritization, and remediation workflow designed to enable risk reduction; and Topology Risk Analyzer, which prioritizes vulnerabilities utilizing intelligence about the network layout. Its products also include Security Intelligence Hub, an open-architected reporting and integration point for collecting and sharing network intelligence across the enterprise security ecosystem; and nTellect, a threat prioritization system that leverages IP360’s updated network intelligence to improve the accuracy and effectiveness of Cisco and McAfee’s IDS and IPS.
In addition, the company’s products include Certified PCI Scan Service, an automated network security scan and reporting service that enables customers to monitor and report on compliance with the PCI security standard; and Security Policy and Regulatory Compliance Solutions, which check compliance with internal security policies and automate security processes, as well as support government regulatory compliance solutions for FISMA and IAVA. It also provides configuration and regulatory compliance, reporting and analytics, and government solutions.
The company offers a vulnerabilities and exposures research team, consulting, and training services. Its security solutions are used by financial services, energy, utilities, retail, consumer goods, healthcare, pharmaceuticals, government, media, leisure, and technology enterprises, as well as government agencies and service providers, to identify, measure, manage, and reduce security risk and automate compliance on their networks.
The company was formerly known as Hiverworld, Inc. nCircle Network Security, Inc. was founded in 1998 and is headquartered in San Francisco, California, with regional offices in Atlanta, Toronto, and London.
SAINT develops security software including integrated vulnerability assessment, penetration testing, configuration auditing, and compliance. SAINT uncovers areas of weakness in the network and recommends fixes.
With SAINT you can:
- Identify vulnerabilities on network devices, operating systems, desktop applications, Web applications, and databases
- Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders
- Go beyond simply detecting vulnerabilities to safely exploiting them
- Demonstrate compliance with current government and industry regulations such as PCI DSS, NERC, FISMA, SOX, GLBA, and HIPAA
- Perform configuration audits with policies defined by FDCC, USGCB, and DISA
The Cloudnosys platform delivers security, compliance, and DevOps automation. It continually scans your public cloud services for security and compliance violations across network security, IAM policies, VPC, S3, CloudTrail, containers, etc.
It provides DevOps automation and policy-driven guided remediation for GCP, Azure, and AWS, and helps you meet PCI, HIPAA, NIST, ISO27001, SOC2, FISMA, and AWS CIS Benchmark compliance quickly.
SOAR-based playbooks provide automation and remediation for all incidents.
SecureInfo Corporation provides information assurance solutions. It provides strategic advisory services, which include security program creation and management, policies and procedures, architecture and design, and FISMA preparedness assessments; threat management services, including vulnerability scanning, penetration testing, code review and assessment, incident response, and CSIRC development; and certification and accreditation solutions, such as certification and accreditation services, IV&V services, SecureInfo RMS, training and awareness, and SI-CAP.
SecureInfo Corporation, Inc. has strategic partnerships with L3 Communications, Lockheed Martin, Northrop Grumman, Perot Systems, SAIC, and SRA International, Inc.
The company serves the U.S. Air Force, U.S. Army, Department of Homeland Security, Immigration and Customs Enforcement, FEMA, U.S. Coast Guard, NASA, the Peace Corps, Library of Congress, National Weather Service, U.S. Treasury, and U.S. Secret Service.
SecureInfo Corporation was founded in 1992 and is headquartered in San Antonio, Texas, with additional offices in McLean, Virginia.
HAWK Defense provides an innovative Big Data Security Analytics (BDSA) platform that allows enterprises to make timely, well-informed security decisions from the ever-growing aggregations of logged data. Hawk’s eyeCon software solution bridges the gap between legacy SIEM and Big Data Analytics with a massively scalable architecture that delivers high-speed data ingestion and a highly efficient patented analytics engine.
HAWK Defense customers benefit from rapid installation and setup times, simple administration, out-of-the-box analytics, and dynamic threat intelligence feeds. The eyeCon solution gives the security analyst a ‘single pane of glass’ with insight into indicators of compromise that were previously undetectable, and support to validate, prioritize, and respond to increasingly sophisticated cyber threats.
eyeCon technology is also used to ensure compliance with a myriad of mandates such as PCI DSS, NERC CIP, GLBA, FISMA, HIPAA, SOX and GPG 13. Alert-driven correlation, while important, is limited to those events that trigger on a security device.
These alerts without context have the propensity to generate false alarms at a very high rate. Confidently detecting true indicators of compromise (IOCs) in a timely manner requires the ability to consume all streaming event data, correlating alerts, and applying advanced analytics to user activity, application activity, and asset activity from all systems.
The ability to actively observe and measure behaviors from data across the entire enterprise IT environment is critical to determining the validity and priority of real threats. Alert data and behavior data analyzed together lead to a higher degree of accuracy and the capability to deliver an effective, timely response to true IOCs for effective risk mitigation.
TDI (Tetrad Digital Integrity LLC)
TDI was founded in 2001 to pursue Cyber Security as its core competency. Since inception, TDI has led or participated in more than 100 separate cyber security tasks in the government and commercial areas around the world.
TDI has outstanding credentials in its core capabilities of penetration testing, program management, information security, C&A, FISMA compliance, and all areas of cyber security engineering. We pursue the latest developments in information security through active lecturing at international information security conferences, publishing cyber security articles, and working on the cutting edge of cyber security development programs.
Jacobian Engineering is a cybersecurity and software development firm capable of building highly scalable, secure, compliant, maintainable and reliable services. We have a deep bench of highly trained staff capable of playing the role of solutions architect, IT operations and operational management and/or auditing and compliance reviews.
Security and Compliance
- CISSP, CAP and PCI trained staff experienced in building both secure software and secure infrastructure to meet HIPAA/HITECH, ITAR, PCI, ISO27k and other compliance frameworks.
- Maintaining complete independence and impartiality, we conduct NIST / RMF security audits, ASV scanning, penetration testing and help customers maintain compliance and security standards.
- Conduct SSAE16 compliance audits (formerly known as SAS70).
- Assist companies in establishing compliance and security programs to meet FISMA reporting requirements.
Operations
- Jacobian maintains a 24/7/365 network operations team trained and ready to take on all or partial operations for customers.
- Build, deploy and maintain robust monitoring networks and technologies for use by our NOC or by customers directly to alert, trend and monitor operations.
- Provide Level 1/2/3 IT remote and on-site support for customers based upon business needs, SLA and program requirements.
Software Development
During diligence and program review, we pick the right technology for the job based on security/compliance, operational requirements, maintenance/training and customer preferences.
Technologies in our solutions used by customers today include:
- Embedded systems, control system drivers, video and communications – C++
- High transaction RESTful services – Python, Node.JS
- Web applications, e-commerce sites and scripts – PHP / Ruby / Rails
- DevOps automation on thousands of nodes – Chef / Puppet / FinalBuilder
- NoSQL – Mongo, Redis
- SQL – MySQL, MS SQL Server
- Many other technologies – RabbitMQ, Ansible, Capistrano, etc.
Gold Comet is a patented and secure information transmission system for individuals, businesses, and the government. Using state-of-the-art equipment housed in a FISMA High rated facility, proven 256-bit encryption and their patented dynamic key pair, Gold Comet strives to be the leader in secure communications for individuals and corporations who demand privacy and security in their online communications.
Gold Comet was founded by a small team of IT specialists who envisioned a method of secure communications for individuals and corporations that surpassed the security standard currently seen in online communications.
SecureFLO, LLC provides information and cyber security as a service. Its data security offering focuses on risk from cyber threats, business process, regulatory compliance, and overall operations.
We will work with your company to assess for HIPAA, FISMA, PCI, SOX, NERC, GDPR, NYDFS, CCPA, etc. We also help you apply standards like NIST, ISO, COBIT, and UCF to develop good governance and policies.
We understand risk from a security and privacy perspective. We will help you conduct penetration tests, vulnerability scans, and secure code reviews to support the assessments.
Remediation efforts include, but are not limited to, DevOps, cloud, desktop email, network, etc. Visit https://www.secureflo.net/services/ for more information.
Subsystem Technologies, Inc. offers engineering and manufacturing, information security, information technology (IT), and enterprise program management process improvement services in Virginia.
Its engineering and manufacturing services include Department of Defense engineering and support, Federal Aviation Administration engineering, inventory visibility management, radio frequency identification, multimedia support, and on-site and off-site training; its IT services comprise software development, desktop and server maintenance, network administration, data mining, Web-enabled applications, and automated search and retrieval. The company’s information security services include conducting risk analysis, site surveys, integrated products integrity analysis, vulnerability assessments, penetration testing, and certification and accreditation per NIST guidance; analyzing physical security; and developing security policy and procedure documentation and mitigation plans, FISMA compliance, and security computer-based training.
Its enterprise program management process improvement services comprise aligning process improvement, analyzing existing processes and deliverables, adhering to existing processes, ensuring new and/or modified processes are understood, creating metrics to assess process adherence, creating quality assurance guidelines to measure adherence, assessing compliance adherence, creating an improvement culture, and preparing and maintaining exhibits, as well as creating regular process review, evaluation, and refinement. The company serves federal government clients, including the Federal Aviation Administration, the Department of Homeland Security, and the U.S. Department of Justice, as well as the U.S. Army Armament Research, Development, and Engineering Center.
Subsystem Technologies was founded in 1986 and is based in Arlington, Virginia.
Ounce Labs’ solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. Ounce analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources on resolving the most critical issues.
With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with internal policies as well as industry regulations such as PCI, FISMA, and Sarbanes-Oxley, and best practices including the OWASP Top 10.
Hackproof Security is a comprehensive security testing and validation solution for small businesses. Harnessing enterprise-grade security testing techniques and technologies, their solutions can help organizations find and resolve security weaknesses and vulnerabilities within websites, services, and critical infrastructure. Engage with them today to see how they can help.
Hundreds of small businesses are breached weekly, and security breaches in the last year have impacted personal and financial information of over 150,000,000 individuals and organizations globally. Take the first steps to improve your organization’s security posture – It only takes a few minutes to get started.
Hackproof.com helps companies prevent hacker damage, malware and data breaches by working to find and help fix security flaws within their websites and critical infrastructure. With their help, companies can demonstrate security, compliance and a peace of mind.
Hackproof for Commerce supports PCI Compliance, due diligence, fiduciary duty, state privacy and other information security and privacy requirements of the commerce industry, helping protect confidential personal and financial information and systems from hackers, data breaches and compromise. Hackproof for Healthcare supports HIPAA/HITECH, due diligence, fiduciary duty, state privacy and other information security and privacy requirements of the healthcare industry, helping protect confidential personal and health information and systems from hackers, data breaches and compromise.
Hackproof for Finance supports GLBA, FISMA, due diligence, fiduciary duty, state privacy and other information security and privacy requirements of the financial industry, helping protect confidential personal and financial information and systems from hackers, data breaches and compromise. Hackproof for Insurance supports FinCEN, HIPAA, GLBA, fiduciary duty, statutory privacy and other information security and privacy requirements of the Insurance industry, helping protect confidential information and systems from hackers, data breaches and compromise.
Hackproof for Real Estate supports NAR, fiduciary duty, state privacy and other information security and privacy requirements of the Real Estate industry, helping protect confidential information and systems from hackers, data breaches and compromise. Hackproof for Technology supports security needs of technology-centric organizations and service providers, helping protect their networks and confidential customer information from hackers, data breaches and compromise.
Savid Technologies provides specialized IT security services in the United States and internationally. It offers advisory services such as strategy assessment and management services; and application and mobile device security, compliance, penetration testing, and risk management services.
The company also provides technical services such as black and white box testing, policy and procedure audits, and IT security technology deployments; and configuration and system hardening, database, secure software development life cycle, application security, wireless security, VoIP, employee security awareness, business continuity management plan, PCI compliance, and HIPAA and FISMA compliance assessments. The company serves the financial services, insurance, critical infrastructure, healthcare, retail, and education industries as well as government clients.
Savid Technologies was founded in January 2014 and is based in Tinley Park, Illinois.
They are experts in Security Audits, Penetration Testing and Enterprise Management Solutions, suited to cybersecurity needs focused on Compliance, Certification and Accreditation, or the Risk Management Framework.
Their experience assists organizations in the development of cyber programs which support both private and public sector needs. They work with FISMA, NIST, NERC, FDIC, FFIEC and other programs which have developed regulations for different industries.
Security assessments, penetration tests, application reviews and forensics investigations. Compliance and security management solutions, whitepapers, presentations and product reviews.
flyingpenguin partners with K3DES, one of the world’s leading PCI Compliance firms, to perform DSS and PA-DSS audits, as well as payment card security consulting and incident response. We help organizations of all sizes navigate compliance and security requirements such as CSA, SOX, HIPAA, PCI, GLBA, Basel II, FISMA, NIST and the ISO 27000 standards.
xbasics, LLC makes the Federal Information Security Management Act (FISMA) and the security of US federal information systems its primary business through the development of software tools built from the ground up to tackle real problems faced by government security professionals and consultants throughout the course of the FISMA certification and accreditation (C&A) life cycle. Information assurance is not a once in a while activity, but a continuous one that requires specialized security professionals and the tools needed to back them up.
Based in Northern Virginia, xbasics is a minority-owned company founded with the goal of improving the output of FISMA-based certification and accreditation efforts through the development of advanced, easy-to-use, compliant software tools.
There are 100s of file collaboration tools. We are *not* one of them.
SecureSlice is not just a file sync/collaboration tool. We have mastered one thing really well – Compliance + Security.
We automate compliance and file sharing. A simple example: if you send a file from EU to US, and your company must follow Safe Harbor regulations, then we ensure you are compliant.
Zero user intervention – Zero fines – 100% compliant. Now apply the same logic to other regulations like HIPAA, FISMA and SOX.
Our two top features that customers love are:
- Tags: Create your security rules (think data classification). Now simply apply that tag to your file. All those security rules you just created are automatically applied to your file.
- Request list: No more typing and tracking audit requests.
This article was written by Benjamin Skute from Threat.Technology. The editor for this article was Tess Page. If your company is featured in this article and you want to have amendments made please contact us on: [email protected].
Alternatively you may write to us at: Threat.Technology/Fupping Ltd, First Floor, 61-63 Rochester Pl, London NW1 9JU.