FISMA/FISCAM
FISMA (Federal Information Security Management Act) requires all Federal government agencies to handle personal information with utmost security, as specified by NIST and to submit an annual report to the Office of Management and Budget (OMB) describing their IT security status. Auditor Professional will help you quickly test critical security settings that are required for FISMA or FISCAM audits.
The typical reports required as part of the IT Audit process include:
Click to Expand
- Password Aging
- User Privileges
- System Privileges
- Remote Access
- Consolidated Change Logs
- NTFS Permissions
- Role Permissions & Membership
- User Access
- Auditing Enabled
Simply select reports from the FISMA or FISCAM reports folder and run them. You'll get reports providing details on your administrative procedures, technical data security services, and technical security mechanisms. Initially you'll probably find some security gaps in your servers. Once you fix them, you can use these reports to prove to auditors that your servers are compliant with FISMA standards.
Examples of FISMA Compliance Reports
- OS and Service Pack
- Share and NTFS Permissions on shared folders
- NTFS Permissions on Share Folders
- Custom File Permissions
- Installed Applications by Computer
- Accounts with Passwords set to Never Expire
- Current Members of Domain Admins Group
- Windows Documentation Report
- Citrix Documentation Report
- Windows Change Report - Granular Collection
- Windows Baseline Report
