Enlightened FISMA audits identify and help mitigate security vulnerabilities for our clients.
At the Department of Health and Human Services, Enlightened was tasked with performing a FISMA audit of the Quality Improvement Organizations (QIOs), which were spread across 58 separate physical sites responsible for every U.S. state, territory, and the District of Columbia.
Enlightened performed white-hat (non-intrusive) technical assessments whose methodology included asset discovery scans, scripts to identify potential threat vectors, and service enumeration/port compliance tests. The scanning tools Nessus and Nmap were used for this work. To educate HHS employees, Enlightened also delivered training covering the laws and directives that mandate and implement FISMA, the methodology used to pursue FISMA compliance, and the evolving FISMA compliance culture within field operations.
Through this project, the Centers for Medicare & Medicaid Services (CMS) was able to maintain an effective security posture by staying current on recent vulnerabilities and changes in infrastructure, and by identifying new security weaknesses as they appeared.
- Provided IT security support
- Performed project management and quality assurance oversight
- Documented the existing security posture and level of FISMA compliance of each QIO site
- Identified deficiencies in the security posture and the minimum set of standard security controls
- Categorized security weaknesses (low, moderate, high)
- Provided recommendations for security improvement
- Identified associated costs
- Conducted training sessions