How to Pick the Right Solution for FISMA SI-7 Compliance

by Megan Freshley on March 11, 2019

It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting solution.

First, a Few FISMA SI-7 Basics

So what sorts of specifications do you need to look for, and why? While the Federal Information Security Management Act (FISMA) is an important part of keeping governmental systems safe from cyberthreats, it’s not the most intuitive set of guidelines to follow. That’s especially true for one of the most difficult security controls agencies must adhere to: NIST SP 800-53 SI-7.

The SI-7 (“SI” meaning “System Information and Integrity”) control instructs agencies on software, firmware and information integrity. As the 2017 executive order on cybersecurity states, “Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk.”

Government systems are categorized as low, moderate or high sensitivity. Every agency must implement the controls in its baseline, and that baseline grows for moderate- or high-sensitivity systems. The SI-7 control enhancements most relevant to the largest number of agencies are 1, 2, 5 and 7.

SI-7.1: Integrity Checks

As identified in NIST SP 800-53, “Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort.”

Questions for your cybersecurity vendor:

  • Does the solution cover firmware?
  • Does it cover the full scope and range of assets, including Windows, Unix, Linux, routers, switches, firewalls and storage devices?
  • In (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Megan Freshley. Read the original post at: https://www.tripwire.com/state-of-security/government/solution-fisma-si-7-compliance/
