Elemental Announces New FISMA Security Policy Framework for Federal Government Organizations

Elemental Security, Inc. Jul 20, 2006


Elemental's NIST-based FISMA Policy, Host and Network Level Security, and Continuous Monitoring and Asset Classification Enable Enhanced Protection of Government Information

SAN MATEO, Calif. - June 14, 2006 - Elemental Security, Inc., the award-winning pioneer of new technology in enterprise information security, today announced a new policy framework to help federal government organizations measurably improve their compliance with the Federal Information Security Management Act (FISMA).

Based on the U.S. Government's implementation resource guide - the National Institute of Standards and Technology (NIST) "Recommended Security Controls for Federal Information Systems" (Special Publication 800-53) - Elemental's new policy framework helps organizations adhere to FISMA best practices for network access control and automated security policy management, as well as for systems and software inventory classification as defined in the NIST document "Standards for Security Categorization of Federal Information and Information Systems" (FIPS Publication 199).

According to Gartner, Inc., "Government organizations that are required to meet FISMA compliance should use [compliance] as a control framework ... and for asset clarification. Use compliance as an opportunity to improve operational security not only by defining assets and documenting the current state of the organization, but also by implementing control objectives that drive effective risk analysis and management." Moreover, "Organizations should use compliance as an opportunity to implement technologies and processes that improve operational security as well as provide support for FISMA and FIPS 199 compliance."1

Available later this month, Elemental's FISMA policy is the newest regulatory policy framework available in Elemental's policy and risk management product, the Elemental Security Platform (ESP). ESP helps government organizations classify systems as defined in FIPS Publication 199 by continuously monitoring the configuration, inventory, and networking activity of machines on the network. This enables security administrators to target and automatically provision their policies based on the classification and behavior of systems. Additionally, as changes in the classification, behavior, or compliance of hosts are observed, ESP automatically adjusts policy deployments accordingly.

ESP continuously monitors policy compliance and reports on changes that impact an organization's security compliance metrics and risk posture. ESP addresses FISMA requirements in the following ways:

· Provides unmatched transparency into the network by gathering an extensive array of system configuration, inventory, and network traffic information;

· Dynamically classifies and groups of systems;

· Automates security policy deployment, providing a continuous and accurate measure of compliance, as well as over-time trending information;

· Mitigates risks through automated remediation of security exposures and vulnerabilities;

· Delivers integrated host-level access controls that are aligned with business processes and the roles of users, systems, and applications; and

· Enables risk assessment based on discovery of new and existing threats, and by continuously gathering information from systems to understand their compliance, business purpose, security posture, and activity.

"With a FISMA policy framework based on rules from NIST assuring rigorous protections affecting host-level security, NAC and asset classification, Elemental has developed a comprehensive policy framework helping customers in their FISMA-related efforts," said Elemental Chief Marketing Officer Roy Agostino. "Customers recognize the power and flexibility of the Elemental Security Platform, and have come to us requesting a FISMA policy set. They know that a policy set from Elemental, due to our unique visibility, automation and host-level security, is differentiated from other solutions in the industry. We are pleased to announce this month's availability of the Elemental FISMA policy framework to help meet current and future federal government customers' needs."

Elemental's award-winning product is the world's only security policy system built from the ground up to make the state and activity of users and computers fully transparent, enabling customers to directly translate their business objectives into specific policies for all users and systems on their networks. Elemental unifies policy management, host configuration, inventory/discovery and role-based access control in one seamlessly integrated offering. Using Elemental, security administrators can easily assess the security posture of machines and networks, and make proactive decisions about managing risk. Security policy and compliance management continue to be top priorities due to increasing frequency and severity of security breaches, and regulations such as Sarbanes-Oxley (SOX), the Payment Card Industry (PCI) Data Security Standard, the Health Insurance Portability and Accountability Act (HIPAA), and FISMA.

About Elemental
Elemental is an industry leader in enterprise policy and risk management. Using its award-winning Elemental Security Platform (ESP), organizations can directly translate their business objectives into specific policies for all users and systems on their networks. For the first time, enterprises can use a single product to obtain measurable and comprehensive metrics for their security policy needs and compliance requirements. Founded in December 2002, Elemental is a privately held company backed by Bessemer Venture Partners, Mayfield, Sequoia Capital and Lehman Brothers Venture Partners. Red Herring and AlwaysOn awarded the company their annual awards for the top private companies. Elemental was also named the "Most Innovative" company at the RSA Conference 2006, and earned 2006 "Private Security/Start-up to Watch" honors from Red Herring and Network World. The company is headquartered in San Mateo, Calif., and has offices throughout the U.S. Go to www.elementalsecurity.com for more information.

Dan Spalding
Corporate Communications
Elemental Security
(650) 292-1390
(408) 828-3265 (cell)

White Papers & Case Studies

View All White Papers & Case Studies

View All Resources

All Topics

Manufacturing Innovation

Industry Trends

Engineering & Design

Sales & Marketing

Supply Chain

Career & Workforce

Company News

New Products

Thomas Index

Daily Bite

Find Suppliers, Insights, Tools and More...

Become part of North America's largest and most active network of B2B buyers and industrial/commercial suppliers.

Select From Over 500,000
Industrial Suppliers

Find and evaluate OEMs, Custom Manufacturers, Service Companies and Distributors.

Receive Daily
Industry Updates

Stay up to date on industry news and trends, product announcements and the latest innovations.

Search Over
6 Million Products

Find materials, components, equipment, MRO supplies and more.

Download 2D & 3D
CAD Models

10+ million models from leading OEMs, compatible with all major CAD software systems.
Start Sourcing Suppliers Claim Your Company Profile ico-arrow-default-right
Cookie Policy
Close
Thomas uses cookies to ensure that we give you the best experience on our website. By using this site, you agree to our Privacy Statement and our Terms of Use.
Accept