Secure Modernization vs. Legacy Systems? FISMA, Government and the DoD - Atomicorp - Unified Security Built on OSSEC

(Federal agencies are challenged to protect legacy systems while complying with FISMA secure modernization. Atomicorp brings the best of both worlds for protecting existing and modernized hybrid architecture.)

Nearly every organization employs a favorite old system or way of doing something, and agencies in the government and the Department of Defense are no different. We call these legacy systems.

But there are government requirements to modernize. Take the Federal Information Security Modernization Act (FISMA), for example, which requires federal agencies, their CIOs and their Inspectors General to meet defined levels of security performance and to report on them.

Complying with the Federal Information Security Modernization Act (FISMA)

FISMA codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting the Office of Management and Budget (OMB) in developing those policies.

The legislation’s two primary charters are to ensure that agencies implement administration-approved security priorities and best practices, and provide the OMB with the performance data to monitor agencies’ progress.

There are general instructions and guidance, but also metrics to meet:

  • Identify. The Identify metrics help agencies inventory the hardware and software systems and assets that connect to their networks. Knowing what those systems and assets are lets agencies manage cybersecurity risk to systems, assets, data, and capabilities, which also means knowing which users and devices are authorized on the network and which are not.
  • Protect. Here, agencies are required to safeguard their systems, networks, and facilities with appropriate cybersecurity defenses. The protect function supports agencies’ ability to limit or contain the impact of potential cybersecurity events. 
  • Detect. This requirement assesses the extent that the agencies are able to discover cybersecurity events in a timely manner and “have timely and adequate awareness of anomalous events on their systems and networks.”
  • Respond. Here, agencies must have policies and procedures in place that detail how their enterprise will respond to cybersecurity events. Agencies should develop and test response plans and communicate response activities to minimize the impact of cybersecurity events. 
  • Recover. FISMA requires agencies to develop and implement appropriate activities for resilience that allow for the timely restoration of any capabilities or services impaired due to a cybersecurity event. 
  • Report. OMB issues an annual FISMA guidance document that covers requirements for agency cybersecurity reporting. Agency CIOs report the metrics, and each agency’s Inspector General performs the annual independent evaluation. Agencies must implement the administration’s priorities and best practices and provide OMB with the performance data it needs to monitor progress toward the FISMA program’s priorities.

The FISMA documents do not always present these requirements in this order.

For the full FISMA documentation, visit https://www.cisa.gov/publication/fy21-fisma-documents

Atomicorp for Secure Modernization and FISMA Compliance

Atomic OSSEC is a scalable, multi-platform, open source host-based intrusion detection system (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting, vulnerability discovery, self-healing capability and active response to attacks, providing much of the security FISMA demands. 

With Atomic OSSEC, organizations can push security detection rapidly out to the assets they want to protect, whether those workloads run in multiple clouds, span public and private clouds, bridge cloud and on-premises systems, or sit in a hybrid environment that includes legacy systems. The HIDS works across all major operating systems and platforms, including AWS, Azure, and Google Cloud.

Atomic OSSEC HIDS and active response empowers federal and state agencies to:

  • Identify. Know your assets. How can you protect something if you don’t know it exists? Deploy security software agents to the hosts you own, register the users and devices that are granted network access, and assign their privileges deliberately, extending access and privilege gradually from the central console rather than all at once.
  • Detect. Inspect payload and state with file integrity monitoring (FIM). Controls fail because of user mistakes, capable adversaries, zero days, and more, and detecting when a control fails is necessary for a robust and correct response. A good HIDS FIM tool should monitor more than the files and data stores that hold sensitive data. It should also monitor configuration information and software native to the operating system, such as the Windows registry, binaries, and libraries, as well as infrastructure components such as the configuration of network and cloud devices, web servers, and firewalls.
  • Protect. Protect your endpoints and cloud workloads, and block abusive sources before they can exhaust a service. Endpoints include servers, laptops, routers, firewalls, VMs, containers and more. Defend these assets with endpoint protections such as strong AV, device hardening, 2FA, intrusion detection and prevention, and vulnerability scanning. Endpoint protection must include cloud workload protection, which scans hybrid cloud data center architectures, including on-premises physical and virtual machines (VMs), public cloud IaaS, and containers, to secure processing and to segment workloads according to security and regulatory requirements.
  • Respond. Orchestrate and automate response (SOAR) with active response. Keep pace with DevOps. Identify infected endpoints and isolate them rapidly, without manual intervention. Deploy advanced security rules into your computing environment that are flexible enough to allow legitimate access but that stop rapid privilege escalation or abuse. You may not be able to stop every brute-force password attack at its first attempt, but you can stop the same source from moving across different computers and ports in search of a weak link to exploit further. Detect the vulnerable desktops, laptops, and end users that such probing reveals. Stop service on assets that are receiving a suspicious volume of requests: when a threshold is reached, the agent quarantines the device.
  • Recover. Plan ahead. We can back up all files that we monitor and secure for you, contributing to sound data redundancy and disaster preparedness.
  • Report. View alerts of unusual network activity in an integrated SIEM console. Display data in visualizations on a management console that allows you to drill in, isolate and respond. Use it for security performance, for compliance, for reporting, for forensic analysis, and more. 
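As an added, constructed example (not configuration from the original page or shipped by Atomicorp), the following ossec.conf fragment shows how the FIM coverage described under Detect and the threshold-driven blocking described under Respond are expressed in OSSEC’s own configuration. The directory list, the two registry keys and the 600-second block timeout are illustrative choices; rule 5712 is the stock OSSEC sshd brute-force rule from the default ruleset, and firewall-drop is one of the standard active-response scripts that ship with OSSEC.

```xml
<ossec_config>
  <!-- Added example, not Atomicorp's shipped configuration. -->
  <syscheck>
    <!-- Full rescan interval in seconds; realtime directories are also watched continuously. -->
    <frequency>7200</frequency>
    <scan_on_start>yes</scan_on_start>
    <alert_new_files>yes</alert_new_files>

    <!-- OS, sshd, web server and firewall configuration: watch in real time
         and include a diff of changed text files in the alert. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc</directories>

    <!-- OS binaries and shared libraries: check_all records hashes, size,
         owner and permissions, so a replaced binary or library is caught. -->
    <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/lib,/lib64,/usr/lib</directories>

    <!-- Files that change constantly and would only generate noise (illustrative). -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>

    <!-- Windows agents: common persistence keys in the registry (illustrative choice). -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce</windows_registry>
  </syscheck>

  <!-- Active response command: firewall-drop.sh inserts a DROP rule for the
       offending source IP on the host where it runs. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- When rule 5712 fires (it correlates repeated failed sshd logins from one
       source within a short window), block that source on every agent, not
       only the host that saw the attempts, for 600 seconds. This is what stops
       a brute-force source from moving on to other computers and ports. -->
  <active-response>
    <command>firewall-drop</command>
    <location>all</location>
    <rules_id>5712</rules_id>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Two practical caveats. The threshold itself lives in the rule, not in the active-response block: rule 5712 uses OSSEC’s frequency and timeframe settings, so a custom threshold belongs in a local rule that then becomes the rules_id here. And alert_new_files only produces visible alerts if the stock new-file rule (rule 554) is raised above its default level in local_rules.xml. In an OSSEC deployment the syscheck and active-response sections above can be distributed to agents from the manager through agent.conf, which is the centralized policy enforcement referred to earlier.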

Atomic OSSEC runs on most operating systems, including Linux, OpenBSD, FreeBSD, macOS, Solaris, HP-UX, AIX, Windows and more, so it is a versatile solution for mixed modern and legacy system environments.

Learn more about Atomic OSSEC for intrusion detection and FIM.

Find out about Atomic Protector for advanced endpoint and cloud workload protection.