FISMA Compliance: Mapping NIST Controls to Cisco Security Solutions

The primary incentive for compliance with the Federal Information Security Management Act (FISMA) is to identify the people, systems, and processes an agency needs to achieve its business objectives, and to protect them appropriately. A secondary incentive is that good FISMA grades bolster an agency's reputation within the House Government Reform Committee and in the eyes of citizens.

This white paper can serve as a reference for IT groups that want to increase information security and ease the path to improving FISMA compliance. By mapping the control groups defined by the National Institute of Standards and Technology (NIST) to specific security solutions that Cisco provides in the Cisco Self-Defending Network portfolio, it reduces the research that agency IT groups must conduct to achieve FISMA compliance and reduces risk.

Each section of the white paper focuses on one NIST control, describing how that control helps the agency achieve its mission and then listing the Cisco solutions that fulfill that control's requirements. Cisco provides network and security systems that are designed from the outset to operate and be managed as a system. An integrated approach to security helps agencies meet federal government requirements for more effective security, avoids time-consuming and expensive integration work, and reduces management burden. This is a recipe for faster FISMA compliance at lower cost.