TrustedAgent FISMA
TrustedAgent FISMA is an enterprise-level FISMA data management solution. It is a web-enabled system that allows agencies to manage Plans of Action and Milestones (POA&Ms), NIST security, self-assessments, and OMB FISMA security metrics. TrustedAgent FISMA provides an efficient, collaborative environment for agencies to manage and report both annual and quarterly FISMA requirements. In addition, it provides information system security officers with a real-time view of the IT security posture for a system, program, or agency, either at a specific point in time or historically.
According to a report from a congressional oversight committee on November 19, 2002, “The U.S. government has earned failing marks for computer security for the second year in a row.” Furthermore, in FY 2003 FISMA reporting, OMB requires that “agencies develop, implement, and manage agency-wide POA&M process” to successfully achieve yellow on their e-Gov scorecard. Leveraging guidance from the Department of Homeland Security, TrustedAgent FISMA assists Federal agencies in meeting FISMA compliance and reporting requirements.
With FISMA being relatively recent Federal legislation with new and evolving requirements, the majority of Federal agencies employ manual processes for the collection and management of FISMA information, using a combination of word-processing and electronic spreadsheet-based documents. These manual processes pose the following challenges:
- Consume significant resources and time
- Subject to human errors
- Difficult to analyze data
- Lack enforcement of FISMA framework
OMB and NIST have taken some initial steps in releasing automation technology to streamline the process. However, these tools are slow in coming, only partially support the full FISMA framework, and are cumbersome to deploy at an enterprise level.