FISMA/FISCAM

FISMA (Federal Information Security Management Act) requires all Federal government agencies to handle personal information with utmost security, as specified by NIST, and to submit an annual report to the Office of Management and Budget (OMB) describing their IT security status. Auditor Professional will help you quickly test critical security settings that are required for FISMA or FISCAM audits.

The typical reports required as part of the IT Audit process include:

Picture shows directory of built-in reports for FISCAM audits

  • Password Aging
  • User Privileges
  • System Privileges
  • Remote Access
  • Consolidated Change Logs
  • NTFS Permissions
  • Role Permissions & Membership
  • User Access
  • Auditing Enabled

Simply select reports from the FISMA or FISCAM reports folder and run them. You'll get reports providing details on your administrative procedures, technical data security services, and technical security mechanisms. Initially you'll probably find some security gaps in your servers. Once you fix them, you can use these reports to prove to auditors that your servers are compliant with FISMA standards.
