ECAR™ for FISMA
Enterprise Compliance Auditing & Reporting
Federal Information Security Management Act (FISMA) impacts governmental agencies and commercial contracting organizations. FISMA requires compliance with an exhaustive number of technical, operational and management requirements. The National Institute of Science and Technology's (NIST) Special Publication 800-53 provides recommended guidance for FISMA compliance.
The ECC Enterprise Compliance Auditing and Reporting (ECAR™) system maps over 175 Microsoft Windows IT security events to the technical and operational specifications defined by NIST SP 800-53. Utilizing Microsoft Operations Manager (MOM) server, events are tracked and a variety of auditing reports are generated.
ECAR™ FISMA FEATURES
- Access Control Management
- Audit and Accountability
- Contingency Planning
- Identification and Authentication
- System and Information Integrity
- System and Communication Protection
ECAR™, MICROSOFT AND NIST
The Microsoft Windows Servers and controls provide a framework for vertical regulatory compliance auditing and reporting solutions. Microsoft Operation Manager (MOM) facilitates the collection of events and manages the ability to customize views and reports. Building on this foundation, ECC developed ECAR™ around NIST recommendations as a compliance auditing and reporting environment. ECAR™ is used to identify security compliance issues for both assessment and mitigation purposes. As the proactive monitoring capability of the MOM platform progresses, so will an organization's ability to react and adjust its risk posture. ECAR™ provides the framework to achieve these ends.
ECC wants to acknowledge the ground breaking efforts of NIST and in particular
the team responsible for SP 800-53.