Abstract

The Federal Information Security Management Act (FISMA) lays out a comprehensive set of security requirements that are an ongoing focus for federal IT managers. FISMA addresses security issues in a comprehensive manner, covering everything from identity management to physical building security. This white paper focuses specifically on identity and access management (IAM) issues, using the guidance provided by NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, as a roadmap. In addition, requirements related to continuous monitoring of IT security controls, as detailed in NIST Special Publication 800-137, are covered. While FISMA compliance is a complex process due to the broad scope and diversity of federal information systems, the core IAM requirements come down to common-sense, well-established principles that can be addressed through a strategy of centralized management, policy enforcement and continuous monitoring. This white paper demonstrates how to address these requirements in a robust and cost-effective manner by leveraging existing Active Directory infrastructure to centrally manage non-Windows systems and applications. It then details Centrify’s unique ability to extend Active Directory with a suite of integrated solutions for cross-platform identity, access and privilege management and continuous monitoring of systems.