SmartFISMA™

Foreign and domestic hackers have been increasingly attacking the U.S. Government computing environments with impunity, bypassing impressively expensive defenses and threatening our capability to defend and support our nation and allies. Adversaries are now appearing as legitimate users to Department of Defense (DoD) applications and networks, while threatening the integrity and confidentiality of DoD information. Attackers are frequently exploiting hardware and software vulnerabilities before DoD can test and disseminate effective patches. The complexity of information technology (IT) management operations and security is a constant challenge for enterprises (both large and small). Balancing the workforcepsilas need for availability and ease of use while complying with the frequent security advisories, bulletins, changes, and reporting requirements can be daunting. The continuous enhancements and upgrades combined with the requirement to react to security threats to both operating systems and applications are overwhelming the routine operational capability for the system and security administrators. Many organizations continue to treat asset management; configuration management; data protection; access control; intrusion prevention; risk analysis; compliance; vulnerability management; certification and accreditation (C&A); incident detection and response; and reporting as isolated processes that rarely, if ever, interact. The stove-piping of these critical network and system operations results in inconsistent views of IT assets and their security postures, inefficient use of resources, and the inability to accurately assess the overall security status of the organization at any given time. Additionally, the C&A and Information Assurance Vulnerability Management (IAVM) processes, along with the annual Federal Information Security Management Act (FISMA) reporting, has become a resource intense, complex, and sometimes unpredictable process. These processes a- - nd procedures are particularly challenging for IT managers in establishing and maintaining a secure computing environment the naval workforce expects without sacrificing quality of service. Smartronix Inc., in conjunction with the Office of Naval Research (ONR), and security product partners Telos Corporation, IBM Internet Security Systems, Inc. and McAfee have developed a solution to address these issues.