Enlightened FISMA audits identify and help mitigate security vulnerabilities for our clients.
Challenge
At the Department of Health and Human Services, Enlightened was tasked with performing a FISMA audit of QIOs, which were located at 58 separate physical sites, each responsible for a U.S. state, territory, or the District of Columbia.
Approach
Enlightened performed white-hat (non-intrusive) technical assessment methodologies, which included scans for asset discovery, scripts to identify potential threat vectors, and service enumeration and port compliance tests. The security tools Nessus and Nmap were also utilized. To educate HHS employees, Enlightened provided training encompassing an overview of the laws and directives mandating and implementing FISMA, the methodology used to pursue FISMA compliance, and the dynamically changing culture of FISMA within field operations.
Results
Due to the successful execution of this project, CMS was able to maintain an effective security posture by keeping up to date on recent vulnerabilities, changes in infrastructure, and the identification of any new security weaknesses.
Services Provided
Provided IT security support
Performed project management and quality assurance oversight
Documented the existing security posture and level of FISMA compliance of each QIO site
Identified deficiencies in the security posture and the minimum set of standard security controls