What is Federal Information Security Management Act (FISMA)?
United States recognized the importance of information security to the economic and security interests of the state and enacted the FISMA in 2002. FISMA has assigned specific responsibilities to the agencies National Institute of Standards and Technology (NIST) and Office of the Management and Budget (OMB). NIST develops the standards, tests, metric, and validation programs to promote, measure, and validate the security information systems and services. FISMA requires federal agency officials to conduct annual reviews of the agency's information security program and report the results to OMB. NIST defines a broad framework for managing information security comprising of inventory of information, risk level categorization, security controls, risk assessment, system security plan, accredit ion and certification, and continuous monitoring.
| In the grand scheme of things related to security of information and information systems of US federal agencies, EventLog Analyzer effectively addresses the security controls, risk assessment, and continuous monitoring aspects of the framework. The following controls are covered in the reports:
|
EventLog Analyzer provides the following reports to help comply with the FISMA regulation controls:
|
Report Name
|
Event Type
|
Source
|
EventID
|
|---|---|---|---|
| Windows Services Started | System | Service Control Manager | 7035 |
| Windows Services Stopped | System | Service Control Manager | 7036 |
| Windows Services Failed | System | Service Control Manager | 7000-7034 |
| Windows Restore Started | Application | ntbackup,Microsoft-Windows-Backup | 192,8002 |
| Windows Restore Stopped | Application | ntbackup,Microsoft-Windows-Backup | 194,8003 |
| Windows Restore Failed | Application | ntbackup,Microsoft-Windows-Backup | 195-245 or 706-774 |
| Windows Backup Started | Application | ntbackup,Microsoft-Windows-Backup | 1,8000 |
| Windows Backup Stopped | Application | ntbackup,Microsoft-Windows-Backup | 4,8001 |
| Windows Backup Failed | Application | ntbackup,Microsoft-Windows-Backup | 5-100 or 517-528 or 8010, 8011, 8017 |
| Anti-malware Scan | System | Microsoft-Windows-Windows Defender | 1000-1005 |
| Spyware Removed | System | Microsoft-Windows-Windows Defender | 1006-1010 |
| Anti-malware Updated | System | Microsoft-Windows-Windows Defender | 2002,2003,5007,5008 |
| Other Software Installed | Application | MsiInstaller | 11707,11728 |
| Other Software Removed | Application | MsiInstaller | 11724 |
| Other Software Expired | Application | MsiInstaller | 7023 |
| Windows Software Updates Availability | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 27,28,38,39 |
| Windows Software Updates Connectivity | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 16,29,30,32 |
| Windows Software Updates Detected | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 25,26,34,35,36,37,40 |
| Windows Software Updates Downloaded | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 17,18,31,33,41 |
| Windows Software Updates Installed | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 19,20,21,22,23,24,4377 |
400-660-8680
