Network Quality Assurance FIPS Compliance Process
Know your network
Congruity Inspector Software delivers superior cost-performance for verifying administrative and technical IT security controls: a single mouse-click produces a full one-week operational review and comprehensive audit of IT operations.
All federal IT security regulations are based on the same Federal Information Processing Standards: FIPS-199, Standards for Security Categorization and FIPS-200, Minimum Security Requirements for Federal Information and Information Systems. Detailed below is how Congruity Inspector addresses them.
FIPS-199 Security Objectives & How Congruity Inspector Addresses Them:
1. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. "A loss of confidentiality is the unauthorized disclosure of information." Congruity Inspector highlights threat conditions associated with perimeter security and Internet operations, which represent the single biggest area of risk for information systems compromise and confidential data leakage.
- Firewall/Penetration Test Report: Verifies perimeter security and policy effectiveness. Penetration tests identify open ports along with detailed activity logs. Inventory of exposed servers/services and external user activity logs identified by network address and country of origin. Easy-to-understand base-line comparisons enable users to quickly identify unauthorized activity, misconfigurations and compromises, and to verify policy standards.
- On-line Communications Reports: Provides independent verification that no unauthorized communications are being used to accidentally or maliciously expose confidential information. Reports include Email Summary Report (SMTP, POP3, Web-email), Instant Messenger/Chat, Remote Desktop Programs, file sharing and file download/uploading.
- Content Analysis Report: Congruity Inspector features an integrated content analyzer which can identify personal confidential data and other content contained in on-line communications that breaches established policy.
- Adware/Spyware Report: Congruity Inspector identifies the most commonly found varieties of Adware and Spyware, which represent a source of data leakage and an attack vector.
2. Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. "A loss of integrity is the unauthorized modification or destruction of information."
- Congruity Inspector monitors every Internet session over a 7 day operational cycle including all TCP, UDP & ICMP activity. This objective and comprehensive profile provides the highest probability of identifying misuse, malicious activity and unusual usage trends as compared to short-term (1 to 3 days) audit methods. Congruity Inspector also meets criteria for "independent control over the audit process" due to its fully-automated operation and reporting features.
3. Availability: Ensuring timely and reliable access to and use of information. "A loss of availability is the disruption of access to or use of information or an information system."
- Congruity Inspector offers comprehensive network traffic analysis, bandwidth statistics and full accounting of LAN/WAN activity. These detailed reports help troubleshoot network performance issues, bandwidth contention and application response time issues, enabling users to quickly identify and resolve the source of availability problems. Congruity Inspector's on-demand one-click audit feature ensures rapid response for investigating the source of availability problems.
FIPS-200 Minimum Security Requirements & How Congruity Inspector Addresses Them:
The minimum security requirements include seventeen practices directly related to protecting the confidentiality, integrity, and availability of federal information systems and the information processed, stored, and transmitted by those systems. Congruity Inspector addresses:
- Awareness & Training: The best security technology in the world can be rendered totally ineffective if network users aren't properly trained. Congruity Inspector software includes a comprehensive on-line technology use & policy training curriculum developed by a leading human resources firm offering on-demand lesson delivery for one to thousands of concurrent network users.
- Audit & Accountability: Congruity Inspector features device-independent logging of all activity providing an objective verification of baseline security controls, technology performance and operational trending. It also features an audit archiving feature enabling users to encrypt and store audit findings as required for compliance purposes as well as forensic investigations and performance comparison.
- Certification, accreditation & security assessments: One-click audit provides objective security control status update on-demand and as frequently as management desires.
- Configuration management (base-lining): Offers centralized base-line metrics for all on-line activity and key network and security technologies presented in a single, easy-to-understand Web-based application and .pdf executive reports.
- Incident response: On-demand audit provides consistent method for documenting incidents and delivering reports to appropriate executives and technical officials.
- Maintenance: Offers consistent, automated way to verify system controls, technologies and policies are effective.
- Media protection: Identifies unintended, malicious or accidental exposure of electronic confidential internal information.
- Planning: Detailed reports provide empirical evidence to direct and prioritize security efforts and spending including perimeter and endpoint security, network infrastructure and applications.
- Personnel security: Offers completely automated operation and reporting providing objective verification that systems are free from tampering during personnel transitions or internal review processes.
- Risk assessment: Provides the most comprehensive profile of internal and external threat conditions of any single solution. Threats are what actually breach security and cause harm and are a component of risk, vulnerabilities being the other.
- System & services acquisition: One-click audit feature offers a low cost, objective verification to ensure that 3rd party service providers are delivering specified contract services.
- Systems & communications protection: Offers independent monitoring of all on-line communications (transmitted and received) by company at the protected network boundary.
- Systems & information integrity: Enables quick reporting of system flaws as part of a proactive security management approach. Organizations that pro-actively identify threat conditions and key information assets significantly reduce operational risk.
Read about IT Security Best Practice
National Institute of Tests and Standard (NIST) develops generally accepted system security principles (GSSP) and practices for the federal government. Proactive auditing and certain logs can be used by organizations to comply with federal legislation and regulations:
Read Audit Standards Document
One-Click FIPS Compliance
Congruity Inspector simplifies FIPS compliance, automating a review and documentation process that identifies threats that leave IT systems and confidential data exposed.