McAfee automates FISMA compliance

By Michael Arnone

Starting in November, users of McAfee, Inc.'s Foundstone Enterprise risk-management software will automatically know whether they comply with the Federal Information Security Management Act of 2002 (FISMA) and four other federal and commercial regulations, the company announced Oct. 31.

Available as an update to existing customers, Foundstone Enterprise 4.2 automatically evaluates a customer's network and assesses whether the network complies with the vulnerability and configuration requirements of the regulations. The application also specifically advises courses of action to make noncompliant elements compliant.

Foundstone Enterprise 4.2 contains templates that monitor requirements for FISMA; the Sarbanes-Oxley Act of 2002 (SOX); the Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Payment Card Industry (PCI) standard; and the ISO 17799/British Standard 7799 for risk management.

The upgrade goes beyond risk management to enable customers to audit themselves and improve their compliance, Mike Carpenter, McAfee's vice president of federal operations, said in an e-mail message.

'This way they are ahead of the curve instead of playing catch up,' Carpenter said. The upgrade is also designed to reduce the time and money McAfee customers spend staying compliant with the regulations.

McAfee worked with the Justice Department to create the update, Carpenter said. Keeping information secure and meeting regulatory requirements are two of the Justice Department's top priorities, said Dennis Heretick, chief information security officer at the Justice Department.

'Foundstone gives us a window into our security posture by identifying vulnerabilities and non-compliance with Department policies,' Heretick said in an e-mail message.

The application 'helps reduce security and compliance costs, manage risk more effectively, and improve reporting and security metrics,' Heretick said.

