FISMA

The Federal Information Security Management Act of 2002 (“FISMA”) imposes a mandatory set of processes that must be followed for all information systems used or operated by a US federal agency, or by a contractor or other organization on behalf of a US Government agency. The policy detects combinations of Personally Identifiable Information (PII), such as Social Security numbers or credit card numbers, with sensitive private information, such as health conditions, names of crimes, and ethnicities.

Additional rules detect confidential information about the corporate network and confidential documents. The rules for this policy are:

  • FISMA: CCN and Crime
  • FISMA: CCN and Ethnicity
  • FISMA: CCN and Sensitive Disease or Drug
  • FISMA: Confidential in Document
  • FISMA: Proprietary in Document
  • FISMA: Network Information and Security (Pattern and IP)
  • FISMA: Network Information and Security (Textual Pattern)
  • FISMA: Password Dissemination for HTTP Traffic (Wide)
  • FISMA: Password Dissemination for HTTP Traffic (Default)
  • FISMA: Password Dissemination for HTTP Traffic (Narrow)
  • FISMA: Password Dissemination for non-HTTP/S Traffic (Wide)
  • FISMA: Password Dissemination for non-HTTP/S Traffic (Default)
  • FISMA: Password Dissemination for non-HTTP/S Traffic (Narrow)
  • FISMA: SSN and Crime
  • FISMA: SSN and Ethnicity
  • FISMA: SSN and Sensitive Disease or Drug
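
The combination logic behind the "CCN and ..." and "SSN and ..." rules can be sketched as follows. This is an added example, not the product's own detection code: the term dictionaries, regular expressions and function names are assumptions constructed for illustration, and proximity or match-count thresholds are not modeled.

```python
import re

# Constructed sample dictionaries (assumption); real DLP term lists are far larger.
SENSITIVE_TERMS = {
    "Crime": {"arson", "burglary", "fraud", "felony"},
    "Ethnicity": {"hispanic", "caucasian", "asian"},
    "Sensitive Disease or Drug": {"hiv", "hepatitis", "methadone", "oxycodone"},
}
CCN_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def luhn_ok(digits):
    """Luhn checksum: discards digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def has_ccn(text):
    for m in CCN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            return True
    return False


def has_ssn(text):
    # Skip values that are never issued: area 000, 666, 9xx; group 00; serial 0000.
    for area, group, serial in SSN_RE.findall(text):
        if area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000":
            return True
    return False


def matched_rules(text):
    """Return the rule names that fire: a rule needs PII AND a sensitive term."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    pii = [name for name, found in (("CCN", has_ccn(text)), ("SSN", has_ssn(text))) if found]
    topics = [topic for topic, terms in SENSITIVE_TERMS.items() if words & terms]
    return sorted(f"FISMA: {p} and {t}" for p in pii for t in topics)
```

PII on its own, or a sensitive term on its own, produces no match; only the co-occurrence does, which is what keeps this kind of rule from firing on every document that contains a card number.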