Has Your Agency Encountered Any of these Challenges?
- It has been impossible to both account for all assets on your network and identify addresses of all network access points.
- You have not been able to verify, in real time, that the concept of least privilege is being followed.
- The sheer size and diverse nature of your Department makes ensuring overall compliance throughout the organization very hard, if not impossible.
- You have been unable to provide Department leadership with regular reporting summarizing the overall network security state.
Securify's continuous, automated, real-time identity-based monitoring can address all of the above areas, which have plagued government IT staff as they strive towards a higher FISMA grade.
Look at Who We Helped - From an "F" to a "B" in One Year
The Department of Health and Human Services is a massive agency that is comprised of very different operating divisions. Rather than just wanting to pass the FISMA audit, the agency wanted to employ an enterprise approach to security across this 66,000-person organization. Attaining this was feared to be a tough task as HHS is comprised of divisions focusing on such divergent areas as insurance, disease research and medical clinics. The ideal solution would be to allow headquarters to monitor and report on overall Department security while giving these totally different operating divisions the autonomy to monitor and report on their networks as they desired. But could this be done?
Securify allowed HHS to do this. Despite this seemingly insurmountable problem, HHS was able to take the enterprise approach to security while also satisfying the requirements of the divisions. In short, they succeeded in developing a homogeneous solution in a heterogeneous environment.
The efforts of HHS were recognized in April 2007 when the agency tied with one other department in making the most significant improvement across the entire federal government in Report Card scores from the previous year - moving four letter grades to attain their "B."
Contrast this approach with the "checklist" mindset of just focusing on passing the FISMA audit. Simply put, that approach does not ensure continuous security. As Alan Paller, Director of Research for the SANS Institute, comments, "FISMA wasn't written badly, but the measuring system they are using is broken."¹ In other words, the spirit of FISMA is to ensure security - simply focusing on the checklist does not ensure that.
How Did Securify Help HHS?
Securify was a prominent factor in helping HHS make this significant FISMA score increase. By using Securify to provide continuous visibility and control of network activity, HHS was able to:
- Monitor in real time who was on their network
- Know where they were coming from
- Understand where they were going to
- See what they were doing with critical systems when they got there
Securify provided this identity-based monitoring, which allowed HHS to monitor computer activity based on both department-wide and operating division-specific controls and to know instantly when those controls were violated. FISMA provided the framework for these controls - and Securify gave HHS the situational awareness into whether these controls were being followed.
Want to learn more about how Securify could be an important contributor to your FISMA score improvement? Call (703) 668-1875 or complete the form below and a solution expert will contact you.
¹http://www.gcn.com/online/vol1_no1/43103-1.html