|
What is Federal Information Security Management Act (FISMA)?
United States recoganized the importance of information security to the economic and security interests of the state and enacted the FISMA in 2002. FISMA has assigned specific responsibilities to the agencies National Institute of Standards and Technology (NIST) and Office of the Management and Budget (OMB). NIST develops the standards, tests, metrics, and validation programs to promote, measure, and validate the security information systems and services. FISMA requires federal agency officials to conduct annual reviews of the agency's information security program and report the results to OMB. NIST defines a broad framework for managing information security comprising of inventory of information, risk level categorization, security controls, risk assessment, system security plan, accredition and certification, and continuous monitoring.
In the grand scheme of things related to security of infromation and infromation systems of US federal agencies, EventLog Analyzer effectively addresses the security controls, risk assessment, and continuous monitoring aspects of the framework. |
The following controls are covered in the reports:
- Audit and Accountability (AU)
- Certification, Accreditation, and Security Assessments (CA)
- Contingency Planning (CP)
- Access Control (AC)
- Identification and Authentication (IA)
- Configuration Management (CM)
EventLog Analyzer provides the following reports to help comply with the FISMA
regulation controls:
- Audit and Accountability (AU)
- Object Handle
- Object Created
- Object Modified
- Object Deleted
- Object Accessed
- Certification, Accreditation, and Security Assessments (CA)
- Contingency Planning (CP)
- Windows Restore
- Windows Backup
- Access Control (AC)
- Terminal Service Session
- Unsuccessful User Logons
- Successful User Logoffs
- Successful User Logons
- Identification and Authentication (IA)
- Configuration Management (CM)
- Anti-malwares
- Other Software
- Windows Software Updates
FISMA Compliance - Windows Event IDs
Report Name
|
Event Type
|
Source
|
EventID
|
Windows Services Started
|
System
|
Service Control Manager
|
7035 |
| Windows Services Stopped |
System |
Service Control Manager |
7036 |
Windows Services Failed
|
System |
Service Control Manager |
7000-7034 |
| Windows Restore
Started |
Application
|
ntbackup,Microsoft-Windows-Backup |
192,8002 |
| Windows Restore Stopped |
Application |
ntbackup,Microsoft-Windows-Backup |
194,8003 |
Windows Restore Failed
|
Application |
ntbackup,Microsoft-Windows-Backup |
195-245 or 706-774 |
Windows Backup Started
|
Application
|
ntbackup,Microsoft-Windows-Backup |
1,8000 |
| Windows Backup Stopped |
Application
|
ntbackup,Microsoft-Windows-Backup |
4,8001 |
Windows Backup Failed
|
Application
|
ntbackup,Microsoft-Windows-Backup |
5-100 or 517-528 or 8010, 8011, 8017 |
Anti-malware Scan
|
System
|
Microsoft-Windows-Windows Defender
|
1000-1005 |
Spyware Removed
|
System
|
Microsoft-Windows-Windows Defender
|
1006-1010 |
Anti-malware Updated
|
System
|
Microsoft-Windows-Windows Defender
|
2002,2003,5007,5008 |
Other Software Installed
|
Application
|
MsiInstaller
|
11707,11728 |
Other Software Removed
|
Application
|
MsiInstaller
|
11724 |
Other Software Expired
|
Application
|
MsiInstaller
|
7023 |
Windows Software Updates Availability
|
System
|
Windows Update Agent, Microsoft-Windows-Windows Update Client
|
27,28,38,39 |
| Windows Software Updates Connectivity |
System |
Windows Update Agent, Microsoft-Windows-Windows Update Client |
16,29,30,32 |
Windows Software Updates Detected
|
System |
Windows Update Agent, Microsoft-Windows-Windows Update Client |
25,26,34,35,36,37,40 |
| Windows Software Updates Downloaded |
System |
Windows Update Agent, Microsoft-Windows-Windows Update Client |
17,18,31,33,41 |
Windows Software Updates Installed
|
System |
Windows Update Agent, Microsoft-Windows-Windows Update Client |
19,20,21,22,23,24,4377 |
|
|
