How to Ensure Your Data Center is FISMA Compliant
Security has always been a big challenge, even more so with the rise of high-profile attacks over the last three years. More than 150 new trojans, bots, viruses and other malware surface every week.
The US government’s efforts to protect its critical infrastructure from these threats have taken shape in the Federal Information Security Management Act (FISMA). FISMA regulates the information system processes used by all federal agencies and their contractors.
FISMA requires entities dealing with the government to use, or outsource to, a FISMA-compliant data center. In fact, it may be easier to outsource to a data center that offers FISMA compliance than to try to ensure FISMA compliance on-premises. Since FISMA is in essence nothing more than a set of standardized security best practices, large organizations would also do well to opt for data centers that strive for FISMA compliance.
The million-dollar question is: How do you ensure that the data center is FISMA compliant?
FISMA offers a framework for developing, implementing, monitoring and reporting on issues related to security. The National Institute of Standards and Technology (NIST) releases the specific technical and operational controls that fill in that framework.
The data center should:
- Define procedures for security
- Cater to configuration management and planning
- Have controls in place for implementation of NIST 800-53 controls, Privacy Act controls, and other policies
- Conduct ongoing testing for compliance with NIST 800-53, the Privacy Act and other policies, report deficiencies, and have the ability to take corrective action
- Cater to incident detection and response
- Have contingency planning in place and monitor its status on an ongoing basis
- Identify and resolve risks through comprehensive risk assessment exercises
- Facilitate the creation of specific certification and accreditation (C&A) package documentation
- Facilitate the development of standard reports
- Provide training and awareness so the workforce can identify security risks
- Conduct annual reviews on the effectiveness of the procedures
The data center is essentially FISMA compliant if it facilitates the above and adopts NIST specifications to do so.
The responsibility for compliance ultimately falls on the business, so it is important to select the right data center. With decades of expertise in providing compliance and reliability, Lifeline Data Centers makes for the perfect partner for your data center requirements. Visit our website to learn more.