What is FISMA Compliance?
Signed into law in 2002, the Federal Information Security Management Act (FISMA) establishes a set of security guidelines that help to reduce the security risk to federal data. FISMA regulations apply to all agencies within the U.S. federal government, some state agencies, and any private sector organization in a contractual relationship with the government. The National Institute of Standards and Technology (NIST) is the agency responsible for developing the security standards and guidelines necessary for FISMA implementation.
Federal Information Security Management Act Compliance Requirements:
FISMA guidelines cover topics including information system inventory, risk categorization, system security plans, security controls, risk assessments, certification and accreditation, and continuous monitoring.
One of the most popular and robust NIST publications set forth in accordance with FISMA is NIST SP 800-53, “Recommended Security Controls for Federal Information Systems and Organizations.” This publication is used by organizations subject to FISMA regulations for establishing and maintaining best practices regarding information security.
Evaluation of compliance is reported annually to the Office of Management and Budget (OMB), and each agency’s FISMA Report Card is available to the public. Penalties for non-compliance include censure (public reprimand) by Congress, reduction in federal funding, and negative publicity stemming from the public FISMA Report Card, congressional censure and subsequent media coverage.
Managed File Transfer and FISMA Compliant File Transfer
Ensuring that file transfers performed under the guidelines of FISMA are secure is an essential step towards FISMA and NIST compliance. Several of the NIST SP 800-53 controls can be addressed through the GoAnywhere managed file transfer solution, which include:
"Because GoAnywhere was so simple to implement and configure and the documentation was more than sufficient, we saved the additional costs of implementation services. The competing solutions required weeks to implement. GoAnywhere was fully installed, tested and put into production in a few days."
Serge Arnone, IT Manager, IDB Swiss Bank Ltd
Related Resources
How the Federal and Public Sectors Use GoAnywhere MFT
Adams County, Colorado
Adams, the fifth-largest county in Colorado, discovered a streamlined, consistent way to automate its file transfers between internal systems, external systems, and trading partners with GoAnywhere MFT.
To facilitate a payroll project, the team in Adams County started using GoAnywhere's run-time mode to verify that files are correct before going out. As soon as the files are approved by staff, they're sent out with the click of a button.
Read the Full Story: Automating File Transfers Across Multiple Systems
City of Modesto, California
The City of Modesto needed a secure way to meet its trading partners' requirements. With GoAnywhere MFT, the city was able to quickly address its need to submit data to CalPERS (California Public Employees' Retirement System).
Read the Full Story: Meeting Trading Partner Requirements with MFT
Maryland's Department of Labor, Licensing, and Regulation (DLLR)
The State of Maryland's Department of Labor, Licensing, and Regulation (DLLR) needed to securely automate their native processes on the IBM i. Discover how GoAnywhere MFT allowed the development staff to return to their regular development tasks.
Read the Full Story: Handling Documents Securely and Efficiently with GoAnywhere MFT
Florida's Public Defender's Office 4th Circuit
When the county clerk’s office stopped accepting paper documents, the Public Defender’s Office - 4th Circuit found GoAnywhere MFT, a solution that reduced employee workloads, improved collaboration, and satisfied compliance requirements for web service connections and e-filing. Read the full case study to learn more.
Read the Full Story: Achieving Successful File Transfers and Secure Collaboration