The Federal Information Security Management Act of 2002 (FISMA), enacted as Title III of the E-Government Act of 2002, was established to address the importance of information security to both the economic and national security interests of the United States. The Act provides a thorough structure by which information security controls can be judged on their effectiveness and comprehensiveness, and it maintains minimum security requirements and controls that all federal agencies must abide by.
Netwrix Corporation provides a comprehensive line of auditing solutions that can be used to promote adherence to the following FISMA requirements:
| Control Number | Requirement | Netwrix Provides | Netwrix Solution |
| --- | --- | --- | --- |
| FAMILY: Access Control, CLASS: Technical | | | |
| AC-2 | The organization manages information system accounts, including establishing, activating, modifying, reviewing, disabling, and removing accounts. The organization reviews information system accounts at least annually. | Automated and consolidated auditing and reporting of all account management activities in Active Directory, Group Policy, Exchange, SQL Server database, file server, SharePoint and virtual environment changes, as well as logon activities. Reports include information about who made changes to what accounts, and when and where those changes were made. Reports include all established, activated, modified, disabled, and removed accounts, and streamline the annual review process. | Change Reporter family |
| AC-3 | The information system enforces assigned authorizations for controlling access to the system in accordance with applicable policy. | Complete Active Directory, Group Policy, and file server change auditing that notifies administrators by report of any user rights modification. Reports can be used as an audit trail for auditors. | Active Directory Change Reporter, Change Reporter Suite, Group Policy Change Reporter, File Server Change Reporter |
| AC-5 | The information system enforces separation of duties through assigned access authorizations. | Tracking of all user logons and separation of duties via individual user IDs to ensure clearly identifiable users at all times, even if the accounts are shared between multiple employees. | Logon Reporter |
| AC-7 | The information system enforces a limit of X consecutive invalid access attempts by a user during a [organization-defined] time period. The information system automatically locks the account/node for an [organization-defined time period] or delays next login prompt according to [organization-defined delay algorithm] when the maximum number of unsuccessful attempts is exceeded. | Netwrix solutions minimize costs associated with implementing strong password policies. Automated alerts are sent to administrators on all account lockouts; scheduled reports are sent with all logon activities, including failed attempts; and self-service password management tools allow end users to reset their passwords securely without contacting the IT help desk. Automated monitoring of policy changes captures all unauthorized changes to password policies. | Account Lockout Examiner, Identity Management Suite |
| AC-13 | The organization supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls. | Automated reports notify predetermined report recipients of all user activities and can be archived for historical review or used as a comprehensive audit trail for FISMA auditors. | Change Reporter family |
| FAMILY: Audit and Accountability, CLASS: Technical | | | |
| AU-2 | The information system generates audit records for the following events: [organization-defined auditable events]. | Auditing and reporting of all types of events, including login events, access control, identity management administration, file access events, and other generic events defined by the organization. | Change Reporter family, Identity Management Suite |
| AU-3 | The information system produces audit records that contain sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events. | Complete reports include who, what, when and where each change occurred, as well as the current and new values of every system modification. | Change Reporter family |
| AU-5 | The information system alerts appropriate organizational officials in the event of an audit processing failure and takes the following additional actions: [organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)]. | Alerts are sent when an audit log overwrite occurs or any changes in audit log overwrite policies are detected. In addition, all audit data is archived for a specified period of time for viewing at a later date, even if the original event logs are lost. | Event Log Manager |
| AU-6 | The organization regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate officials, and takes necessary actions. | All significant activities are audited, reported and sent in daily e-mails for review of any unusual activity. An extensive collection of predefined reports is available out of the box, with the ability to create custom reports and make them available for regular reviews. | Active Directory Change Reporter, Change Reporter Suite, Event Log Manager, Logon Reporter |
| AU-7 | The information system provides an audit reduction and report generation capability. | All change management solutions produce automated audit reports for e-mail or in-console viewing. The change auditing solutions remove unnecessary "noise" events that administrators deem insignificant, allowing for simplified manual review. | Change Reporter family, Event Log Manager |
| AU-8 | The information system provides time stamps for use in audit record generation. | Timestamps are available for every audited event and alert. | Change Reporter family |
| AU-9 | The information system protects audit information and audit tools from unauthorized access, modification, and deletion. | Protection, via permissions and access rights, of audit information maintained by all Netwrix solutions. | All Netwrix Products |
| AU-10 | The information system provides the capability to determine whether a given individual took a particular action. | Audit reports notify administrators of exactly who took what actions and made what changes. | Change Reporter family |
| AU-11 | The organization retains audit records for [organization-defined time period] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements. | Reports can be archived for a specified amount of time for viewing at a later date. Reports covering 10 years and more can be kept in a long-term archive and quickly made available for after-the-fact investigations or security incidents. | Change Reporter family |
| FAMILY: Certification, Accreditation, and Security Assessments, CLASS: Management | | | |
| CA-7 | The organization monitors the security controls in the information system on an ongoing basis. | Daily reports show all changes to security controls and policies. Many predefined reports are available to simplify the ongoing review processes. | Change Reporter family |
| FAMILY: Configuration Management, CLASS: Operational | | | |
| CM-3 | The organization authorizes, documents, and controls changes to the information system. | All changes to the information system are documented and archived in easy-to-read audit reports that show who changed what, when, and where, with full details about all changes. Some types of unauthorized changes can be automatically rolled back to their original states. | Change Reporter family |
| CM-4 | The organization monitors changes to the information system conducting security impact analyses to determine the effects of the changes. | Convenient change monitoring capabilities, ensuring that all modifications are available for security impact analysis in an easy-to-understand format showing what was changed and what configuration settings existed before the changes. | Change Reporter family |
| CM-6 | The organization: (i) establishes mandatory configuration settings for information technology products employed within the information system; (ii) configures the security settings of information technology products to the most restrictive mode consistent with operational requirements; (iii) documents the configuration settings; and (iv) enforces the configuration settings in all components of the information system. | Adherence to all Group Policy and event log management configuration settings. All changes to policy settings are detected and highlighted in detailed reports for granular control and enforcement of policies. | Change Reporter family |
| FAMILY: Media Protection, CLASS: Operational | | | |
| MP-2 | The organization restricts access to information system media to authorized individuals. | Audits and reports all file server access and changes. | File Server Change Reporter |
| FAMILY: Personnel Security, CLASS: Operational | | | |
| PS-4 | The organization, upon termination of individual employment, terminates information system access, conducts exit interviews, retrieves all organizational information system-related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on organizational information systems. | Automated tracking of all dormant user accounts, deactivating those that are inactive for a specified amount of time. Archiving of electronic records of communication with full-text search capabilities. | Inactive Users Tracker |
| PS-7 | The organization establishes personnel security requirements including security roles and responsibilities for third-party providers and monitors provider compliance. | Accurate auditing and reporting of all user events, including login activity, Active Directory modifications, and server or object access. | Change Reporter family, Event Log Manager, Logon Reporter |
| FAMILY: System and Information Integrity, CLASS: Operational | | | |
| SI-4 | The organization employs tools and techniques to monitor events on the information system, detect attacks, and provide identification of unauthorized use of the system. | Centralized collection and consolidation of all types of events, including login activity, Active Directory modifications, and server or object access to identify unauthorized use. | Change Reporter family, Event Log Manager, Logon Reporter |