McAfee automates FISMA compliance

A new version of McAfee’s Foundstone Enterprise risk management software will automatically tell customers whether they comply with the Federal Information Security Management Act (FISMA) of 2002 and four other federal and commercial regulations, the company announced Oct. 31.

Available as an update for existing customers, Foundstone Enterprise 4.2 evaluates a customer’s network and assesses whether it complies with the regulations’ vulnerability and configuration requirements. The application also recommends specific courses of action to bring noncompliant elements into compliance.

Foundstone Enterprise 4.2 contains templates that monitor requirements for FISMA, the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996, the Payment Card Industry Data Security Standard, and the ISO 17799/British Standard 7799 for risk management.

The upgrade goes beyond risk management to enable customers to audit themselves and improve their compliance, Mike Carpenter, McAfee’s vice president of federal operations, said in an e-mail message.

“This way, they are ahead of the curve instead of playing catch up,” Carpenter said. The upgrade is also designed to reduce the time and money McAfee customers spend staying compliant with the regulations.

McAfee worked with the Justice Department to create the update, Carpenter said. Keeping information secure and meeting regulatory requirements are two of the department’s top priorities, said Dennis Heretick, chief information security officer at Justice.

“Foundstone gives us a window into our security posture by identifying vulnerabilities and noncompliance with department policies,” Heretick said in an e-mail message.

The application “helps reduce security and compliance costs, manage risk more effectively and improve reporting and security metrics,” he said.

