• DocumentCode
    2393796
  • Title

    SmartFISMA™

  • Author

    Baker, Robert G.

  • Author_Institution
    Smartronix, Inc., California, MD
  • fYear
    2008
  • fDate
    16-19 Nov. 2008
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    Foreign and domestic hackers have been increasingly attacking the U.S. Government computing environments with impunity, bypassing impressively expensive defenses and threatening our capability to defend and support our nation and allies. Adversaries are now appearing as legitimate users to Department of Defense (DoD) applications and networks, while threatening the integrity and confidentiality of DoD information. Attackers are frequently exploiting hardware and software vulnerabilities before DoD can test and disseminate effective patches. The complexity of information technology (IT) management operations and security is a constant challenge for enterprises (both large and small). Balancing the workforcepsilas need for availability and ease of use while complying with the frequent security advisories, bulletins, changes, and reporting requirements can be daunting. The continuous enhancements and upgrades combined with the requirement to react to security threats to both operating systems and applications are overwhelming the routine operational capability for the system and security administrators. Many organizations continue to treat asset management; configuration management; data protection; access control; intrusion prevention; risk analysis; compliance; vulnerability management; certification and accreditation (C&A); incident detection and response; and reporting as isolated processes that rarely, if ever, interact. The stove-piping of these critical network and system operations results in inconsistent views of IT assets and their security postures, inefficient use of resources, and the inability to accurately assess the overall security status of the organization at any given time. Additionally, the C&A and Information Assurance Vulnerability Management (IAVM) processes, along with the annual Federal Information Security Management Act (FISMA) reporting, has become a resource intense, complex, and sometimes unpredictable process. These processes a- - nd procedures are particularly challenging for IT managers in establishing and maintaining a secure computing environment the naval workforce expects without sacrificing quality of service. Smartronix Inc., in conjunction with the Office of Naval Research (ONR), and security product partners Telos Corporation, IBM Internet Security Systems, Inc. and McAfee have developed a solution to address these issues.
  • Keywords
    government data processing; security of data; Department of Defense; Federal Information Security Management Act; SmartFISMA; U.S. Government computing; access control; asset management; configuration management; data protection; incident detection; information technology management; intrusion prevention; operational capability; risk analysis; security administrators; software vulnerabilities; vulnerability management; Application software; Asset management; Computer hacking; Data security; Government; Hardware; Information management; Information security; Resource management; Risk management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Military Communications Conference, 2008. MILCOM 2008. IEEE
  • Conference_Location
    San Diego, CA
  • Print_ISBN
    978-1-4244-2676-8
  • Electronic_ISBN
    978-1-4244-2677-5
  • Type

    conf

  • DOI
    10.1109/MILCOM.2008.4753139
  • Filename
    4753139