How to Ensure Your Data Center is FISMA Compliant

Security has always been a big challenge, even more so with the rise of high-profile attacks over the last three years. More than 150 new trojans, bots, viruses and other malicious malware surface every week.

The US government’s efforts to protect its critical infrastructure from these threats has manifested through the Federal Information Security Management Act (FISMA). FISMA regulates the information system processes used by all federal agencies and their contractors.

FISMA stipulates entities dealing with the government to use or outsource to a FISMA compliant data center. In fact, it may actually be easier to outsource to a data center that offers FISMA compliance, rather than trying to ensure FISMA compliance on-premises. Since FISMA is in essence nothing more than a set of standardized security best practices, large organizations would also do well to opt for data centers that strive for FISMA compliance.

The million-dollar question is: How do you ensure that the data center is FISMA complaint?

FISMA offers a framework for developing, implementing, monitoring and reporting on issues related to security. The National Institute of Standards and Technology (NIST) release specific technical and operational controls that fill such a framework.

Does your data center do the following?

Define procedures for security
Cater to configuration management and planning
Have controls in place for implementation of NIST 800-53 control, privacy act controls, and other policies
Have ongoing test for compliance in NIST 800-53, Privacy Act and other policies, reports deficiencies, and the ability to take corrective action
Cater to incident detection and response
Have contingency planning in place and monitor its status on an ongoing basis
Identify and resolve risks through a comprehensive risk assessment exercises
Facilitate the creation of specific certification and accreditation (C & A) package documentation
Facilitate the development of standard reports
Have training & awareness for the workforce to identify security risks
Conduct annual reviews on the effectiveness of the procedures

The data center is essentially FISMA compliant if it facilitates the above and adopts NIST specifications to do so.

The responsibility for compliance ultimately falls on the business, and as such, it is important to select the right data center. With decades of expertise in providing compliance and reliability, Lifeline Data Centers makes for the perfect partner for your data center requirements. Visit our website to know more.

Alex Carroll

Managing Member at Lifeline Data Centers

Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.

Alex Carroll

Related Posts

Data Centers: It’s All About Location

5 Features to Look for in a Top-Performing Colocation Center

Colocation Centers are Thinking More Green as Market Demand Increases