Default banner

FISMA Compliance

Thales assists with data security compliance and encryption for FISMA, the Federal Information Security Management Act

FISMA

TestFISMA assigns responsibility to various agencies to ensure the security of data in the federal government, it requires annual reviews of information security programs to keep risks below specified levels.

Thales can help prepare federal agencies and their suppliers to meet these FISMA compliance regulations through:

  • Encryption and key management;
  • Access policies and privileged user controls;
  • Security intelligence.
  • Regulation
  • Compliance

FISMA Requirements

According to TechTarget’s SearchSecurity website:

FISMA compliance requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA compliance:

  1. Categorize the information to be protected.
  2. Select minimum baseline controls.
  3. Refine controls using a risk assessment procedure.
  4. Document the controls in the system security plan.
  5. Implement security controls in appropriate information systems.
  6. Assess the effectiveness of the security controls once they have been implemented.
  7. Determine agency-level risk to the mission or business case.
  8. Authorize the information system for processing.
  9. Monitor the security controls on a continuous basis.

Facets of FISMA Thales Can Help With

Core Thales capabilities that help meet FISMA compliance standards include:

  • Encryption and Key Management: Strong, centrally managed, file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.
  • Access Policies and Privileged User Controls: Restrict access to encrypted data – permitting data to be decrypted only for authorized users and applications, while allowing privileged users to perform IT operations without the ability to see protected information.
  • Security Intelligence: Logs that capture access attempts to protected data, providing high value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for compliance reporting.

In addition to helping you comply with FISMA; NIST 800-53, Revision 4FIPS 140-2FIPS 199; FIPS 200 and FedRAMP, Thales solutions are designed to help you comply with:

The Vormetric Data Security Platform

The Vormetric Data Security Platform from Thales is the only solution with a single extensible framework for protecting data-at-rest under the diverse requirements of Federal Agencies across the broadest range of OS platforms, databases, cloud environments and big data implementations. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.

Vormetric Key Management

Vormetric Key Management from Thales enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Vormetric Security Intelligence

Vormetric Security Intelligence from Thales provides another level of protection from malicious insiders, privileged users, APTs and other attacks that compromise data by delivering the access pattern information that can identify an incident in progress.

Vormetric Application Encryption

Vormetric Application Encryption enables agencies to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Tokenization with Dynamic Masking

Vormetric Tokenization with Dynamic Masking from Thales lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, you can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

その他の主要なデータ保護とセキュリティ規制

GDPR

規制
アクティブ ナウ

これまでで最も包括的なデータプライバシー基準とされるGDPRは、組織がどこの国にあろうとも、EU市民の個人データを保持する全ての組織に対応を求められます。

PCI DSS

必須
アクティブ ナウ

クレジットカード及びデビットカードの決済処理事業者は、アカウントデータの処理、保存および送信に関する厳格なPCIDSSコンプライアンス要件に準拠する必要があります。

データ漏えい通知法

規制
アクティブ ナウ

個人情報漏えいが発生した場合に、データ侵害報告義務の要件は、世界中の国々によって制定されています。それは管轄国で違いはありますが、ほぼ全てに「セーフハーバー」条項が含まれています。