How to Ensure Your Data Center is FISMA Compliant

Security has always been a big challenge, even more so with the rise of high-profile attacks over the last three years. More than 150 new trojans, bots, viruses and other malware surface every week.

The US government’s efforts to protect its critical infrastructure from these threats have manifested through the Federal Information Security Management Act (FISMA). FISMA regulates the information system processes used by all federal agencies and their contractors.

FISMA requires entities dealing with the government to use, or outsource to, a FISMA-compliant data center. In fact, it may actually be easier to outsource to a data center that offers FISMA compliance than to try to ensure FISMA compliance on-premises. Since FISMA is in essence nothing more than a set of standardized security best practices, large organizations would also do well to opt for data centers that strive for FISMA compliance.

The million-dollar question is: How do you ensure that the data center is FISMA compliant?

FISMA offers a framework for developing, implementing, monitoring and reporting on issues related to security. The National Institute of Standards and Technology (NIST) releases the specific technical and operational controls that fill in this framework.

Does your data center do the following?

  • Define procedures for security
  • Cater to configuration management and planning
  • Have controls in place for implementation of NIST 800-53 controls, Privacy Act controls, and other policies
  • Have ongoing tests for compliance with NIST 800-53, the Privacy Act and other policies, report deficiencies, and have the ability to take corrective action
  • Cater to incident detection and response
  • Have contingency planning in place and monitor its status on an ongoing basis
  • Identify and resolve risks through comprehensive risk assessment exercises
  • Facilitate the creation of specific certification and accreditation (C & A) package documentation
  • Facilitate the development of standard reports
  • Have training & awareness for the workforce to identify security risks
  • Conduct annual reviews on the effectiveness of the procedures

The data center is essentially FISMA compliant if it facilitates the above and adopts NIST specifications to do so.

The responsibility for compliance ultimately falls on the business, and as such, it is important to select the right data center. With decades of expertise in providing compliance and reliability, Lifeline Data Centers makes for the perfect partner for your data center requirements. Visit our website to know more.

Alex Carroll

Managing Member at Lifeline Data Centers
Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.