EventLog Analyzer

IT Compliance & Event Log Management Software for SIEM

FISMA Compliance Audit Reports

Compliance Audit Reports for Federal Information Security Management Act (FISMA)

What is Federal Information Security Management Act (FISMA)?

The United States recognized the importance of information security to the economic and security interests of the state and enacted FISMA in 2002. FISMA assigns specific responsibilities to the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB). NIST develops the standards, tests, metrics, and validation programs to promote, measure, and validate the security of information systems and services. FISMA requires federal agency officials to conduct annual reviews of the agency's information security program and report the results to OMB. NIST defines a broad framework for managing information security, comprising inventory of information, risk level categorization, security controls, risk assessment, system security plan, accreditation and certification, and continuous monitoring.

FISMA IT Compliance Report

Within this framework for securing the information and information systems of US federal agencies, EventLog Analyzer addresses the security controls, risk assessment, and continuous monitoring aspects.

The following controls are covered in the reports:

  • Audit and Accountability (AU)
  • Certification, Accreditation, and Security Assessments (CA)
  • Contingency Planning (CP)
  • Access Control (AC)
  • Identification and Authentication (IA)
  • Configuration Management (CM)

EventLog Analyzer provides the following reports to help comply with the FISMA regulation controls:

  • Audit and Accountability (AU)
    • Object Handle
    • Object Created
    • Object Modified
    • Object Deleted
    • Object Accessed
  • Certification, Accreditation, and Security Assessments (CA)
    • Windows Services
  • Contingency Planning (CP)
    • Windows Restore
    • Windows Backup
  • Access Control (AC)
    • Terminal Service Session
    • Unsuccessful User Logons
    • Successful User Logoffs
    • Successful User Logons
  • Identification and Authentication (IA)
    • Individual User Action
  • Configuration Management (CM)
    • Anti-malware
    • Other Software
    • Windows Software Updates

FISMA Compliance - Windows Event IDs

| Report Name | Event Type | Source | EventID |
|---|---|---|---|
| Windows Services Started | System | Service Control Manager | 7035 |
| Windows Services Stopped | System | Service Control Manager | 7036 |
| Windows Services Failed | System | Service Control Manager | 7000-7034 |
| Windows Restore Started | Application | ntbackup, Microsoft-Windows-Backup | 192, 8002 |
| Windows Restore Stopped | Application | ntbackup, Microsoft-Windows-Backup | 194, 8003 |
| Windows Restore Failed | Application | ntbackup, Microsoft-Windows-Backup | 195-245 or 706-774 |
| Windows Backup Started | Application | ntbackup, Microsoft-Windows-Backup | 1, 8000 |
| Windows Backup Stopped | Application | ntbackup, Microsoft-Windows-Backup | 4, 8001 |
| Windows Backup Failed | Application | ntbackup, Microsoft-Windows-Backup | 5-100 or 517-528 or 8010, 8011, 8017 |
| Anti-malware Scan | System | Microsoft-Windows-Windows Defender | 1000-1005 |
| Spyware Removed | System | Microsoft-Windows-Windows Defender | 1006-1010 |
| Anti-malware Updated | System | Microsoft-Windows-Windows Defender | 2002, 2003, 5007, 5008 |
| Other Software Installed | Application | MsiInstaller | 11707, 11728 |
| Other Software Removed | Application | MsiInstaller | 11724 |
| Other Software Expired | Application | MsiInstaller | 7023 |
| Windows Software Updates Availability | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 27, 28, 38, 39 |
| Windows Software Updates Connectivity | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 16, 29, 30, 32 |
| Windows Software Updates Detected | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 25, 26, 34, 35, 36, 37, 40 |
| Windows Software Updates Downloaded | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 17, 18, 31, 33, 41 |
| Windows Software Updates Installed | System | Windows Update Agent, Microsoft-Windows-Windows Update Client | 19, 20, 21, 22, 23, 24, 4377 |
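
Event IDs in this table are only meaningful together with the log and source: 7023 falls in the Service Control Manager 7000-7034 range and is also the MsiInstaller "Expired" ID, and 19 is both a backup failure and an update install. The Python sketch below is an added example, not EventLog Analyzer code; it parses the ID specifications as printed for a subset of rows and classifies constructed sample events, and the names `parse_ids`, `classify` and `summarize` are assumptions.

```python
import re
from collections import Counter

# Subset of the table above: (report, log, sources, event-ID spec as printed).
RULES = [
    ("Windows Services Stopped", "System", "Service Control Manager", "7036"),
    ("Windows Services Failed", "System", "Service Control Manager", "7000-7034"),
    ("Windows Restore Failed", "Application", "ntbackup,Microsoft-Windows-Backup",
     "195-245 or 706-774"),
    ("Windows Backup Failed", "Application", "ntbackup,Microsoft-Windows-Backup",
     "5-100 or 517-528 or 8010, 8011, 8017"),
    ("Other Software Expired", "Application", "MsiInstaller", "7023"),
    ("Windows Software Updates Installed", "System",
     "Windows Update Agent, Microsoft-Windows-Windows Update Client",
     "19,20,21,22,23,24,4377"),
]

def parse_ids(spec):
    """Turn '5-100 or 517-528 or 8010, 8011' into inclusive (lo, hi) ranges."""
    ranges = []
    for token in re.split(r"\s*(?:,|\bor\b)\s*", spec.strip()):
        if token:
            lo, _, hi = token.partition("-")
            ranges.append((int(lo), int(hi or lo)))
    return ranges

COMPILED = [
    (report, log.lower(), {s.strip().lower() for s in sources.split(",")}, parse_ids(spec))
    for report, log, sources, spec in RULES
]

def classify(log, source, event_id):
    """Return every report whose log, source and event ID all match."""
    return [
        report for report, rlog, rsources, ranges in COMPILED
        if rlog == log.lower() and source.lower() in rsources
        and any(lo <= event_id <= hi for lo, hi in ranges)
    ]

def summarize(events):
    """Count matched reports over (log, source, event_id) tuples."""
    return Counter(r for e in events for r in classify(*e))

# Constructed sample events, not taken from a real host.
SAMPLE = [
    ("System", "Service Control Manager", 7023),
    ("Application", "MsiInstaller", 7023),
    ("System", "Microsoft-Windows-Windows Update Client", 19),
    ("Application", "Microsoft-Windows-Backup", 19),
    ("Security", "Microsoft-Windows-Security-Auditing", 4624),  # not in the table
]
```

An event that matches no rule, such as the last sample, returns an empty list rather than a default report.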