The NIPP can provide a vital tool for promoting successful critical infrastructure protection. Congress can make a valuable contribution by promoting a sound risk methodology and policies focused on keeping Americans free, safe, and prosperous.
Be compliance with FISMA (The Federal Information Security Management Act) is United States legislation that defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats. It is a matter of national security, and as a result, it is the focus of continuous scrutiny at the highest levels of government. Federal departments and agencies, as well as organizations that work with federal information systems, need to adopt and refine the information security management processes that ensure up-to-date and comprehensive risk assessments, measurable response management and detailed compliance reporting all in a cost-effective and timely manner.
Technologies are available to enable organizations to address regulatory compliance issues. For instance, vulnerability management systems can help government agencies and departments automate many of the steps in the FISMA compliance process.
Complete lifecycle vulnerability management systems can conduct accurate and thorough assessments of potential risks and vulnerabilities to information systems on a continuous basis and manage the process of eliminating those risks.
Data captured from these risk assessments can then easily be created into compliance reports. By helping organizations to identify vulnerabilities and take necessary steps to resolve issues, vulnerability management helps to reduce the number of targets an attacker can exploit in a network. Unlike perimeter defense security solutions that focus on threats, vulnerability management systems harden the targets. In the fire safety analogy, it is the