Periodic FISMA Assessment
LJK/Security provides centralized security assessment
of VMS systems by authorized personnel not associated with system management.
It comes with a set of policy templates for evaluating systems against NIST Special
Publication 800-53 and for reporting results according to the 800-53 control designators.
In addition, using LJK/Security on a regular basis enables an
organization to comply with specific 800-53 requirements for monitoring in support
of FISMA.
Initially
CA-4 SECURITY CERTIFICATION
Control: The organization conducts an assessment of the security controls in
the information system to determine the extent to which the controls are implemented
correctly, operating as intended, and producing the desired outcome with respect
to meeting the security requirements for the system.
Annually
CA-2 SECURITY ASSESSMENTS
Control: The organization conducts an assessment of the security controls in
the information system [Assignment: organization-defined frequency, at least
annually] to determine the extent to which the controls are implemented correctly,
operating as intended, and producing the desired outcome with respect to meeting
the security requirements for the system.
Ongoing
CA-7 CONTINUOUS MONITORING
Control: The organization monitors the security controls in the information
system on an ongoing basis.
RA-5 VULNERABILITY SCANNING
Control: The organization scans for vulnerabilities in the information system
[Assignment: organization-defined frequency] or when significant new vulnerabilities
affecting the system are identified and reported.
SI-7 SOFTWARE AND INFORMATION INTEGRITY
Control: The information system detects and protects against unauthorized changes
to software and information.
Preserving
AC-5 SEPARATION OF DUTIES
Control: The information system enforces separation of duties through assigned
access authorizations.