The National Information Assurance (NIA) Policy provides organizations with the necessary cybersecurity foundation and the relevant tools to enable the implementation of a full-fledged Information Security Management System. Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks such as the NIA.
The NIA policy guides organizations in classifying the impact of information security threats (and risk), as well as the selection of suitable mitigating controls, with the goal of:
- Protecting information assets
- Effectively manage information security risks
- Achieving regulatory compliance
- Easing the compliance journey for international standard certifications (ISO 27001 and others)
The NIA policy is applicable in all business contexts to support national and/or sectoral compliance requirements. But for security professionals, staying compliant can be difficult due to the complexity of applying the controls, especially without the right cybersecurity tools. This policy specifies high-level information classification and also focuses on system information and integrity for entities in the State of Qatar.
The security controls of NIA cover mainly technical control areas that need to be implemented as baseline security. In addition, NIA policy requires integrity checks of all servers, the regular review of system security, system audit trails and logs, and confirmation of the state of system configurations. Fortra’s solution portfolio offers deep coverage for NIA compliance. See the table below to learn how each section maps to its corresponding Fortra solution.
Chapter 4: Security Governance & Security Process
NCSA Section # | Category | Fortra Solution |
---|---|---|
4 |
Data Classification Label |
Fortra's data classification solutions help you identify and classify all your data types. |
5 |
Change Management |
Fortra's Tripwire Enterprise helps monitor the integrity and protect your data by identifying unauthorized changes made in your environment. Fortra’s Tripwire Dynamic Software Reconciliation automates the verification and promotion of authorized changes. |
6 |
Personal Security |
Fortra's Core Security helps you identify and manage access with identity and access management (IAM) solutions. Fortra’s Core Privileged Access Manager (BoKS) provides comprehensive account and privileged access management with centralized administration for instantaneous provisioning. |
7 |
Security Awareness |
Fortra's Terranova Security provides engaging cybersecurity awareness training to help build a cyber-aware culture. |
8 |
Incident Management |
Fortra's vulnerability management solutions provide a network map with asset visualization to help identify and prioritize vulnerabilities before an attacker does. Fortra’s offensive security solutions and services help you proactively pinpoint your greatest cybersecurity risks using the same techniques as the attackers. |
10 |
Logging and Security Monitoring |
Fortra's Tripwire LogCenter provides centralized log collection and analysis to be able to quickly respond to threats in your environment. Fortra’s Digital Guardian provides both endpoint and network data loss prevention (DLP) solutions to protect against threats to sensitive information. |
13 |
Audit and Certifications |
Fortra's Tripwire Enterprise automates compliance evidence to help save time and budget on preparation with audit-ready reporting. |
Chapter 5: Security Controls
NCSA Section # | Category | Fortra Solution |
---|---|---|
2 |
Network Security |
Fortra's Agari Phishing Defense and Response detects business email compromise scams by continuously scanning for indicators of compromise. Fortra’s Clearswift Secure Email Gateway helps keep your organization safe by monitoring the emails coming into and out of your organization. |
3 |
Information Exchange |
Fortra’s Digital Guardian enables data loss prevention to protect intellectual property and personal information by capturing and recording events at the system, user, and data level. Fortra’s GoAnywhere secures file transfers to enable complete control over files to ensure they are secure both in transit and at rest. Fortra’s Clearswift Secure Web Gateway keeps critical data safe by providing complete control over the information that is accessed or shared online. |
4 |
Gateway Security |
Fortra’s Clearswift Secure Web Gateway helps organizations enforce consistent internet security through flexible and granular policy management. |
6.3 |
Software Security |
Fortra’s Beyond Security BeSTORM and BeSOURCE solutions enable application control with dynamic and static application security testing. |
6.4 |
Web Applications |
Fortra's Alert Logic Web Application Firewall (WAF) services help block threats against your critical web applications. Fortra’s Digital Defense Frontline Web Application Scanning simplifies dynamic testing with accurate assessment results and minimal consumption of resources. |
6.5 |
Database |
Fortra's Digital Guardian provides database classification and protection by monitoring and blocking threats to organizational data. |
8.2 |
Media Classification and Labeling |
Fortra’s PhishLabs mitigates brand abuse by continuously monitoring the web and social media to remove damaging content and uses automated killswitches in the event of account takeover. Fortra’s Agari DMARC Protection helps administrators prevent hackers from hijacking domains for email spoofing, impersonation, and spear phishing to thwart brand abuse. |
9 |
Access Control Security |
Fortra’s access management solutions establish a solid foundation for identity and access management with granular privilege access controls, provisioning, and multi-factor identification. Fortra’s Tripwire Enterprise uses security configuration management to detect misconfigurations that impact access control. |
10 |
Cryptography |
Fortra's Vera digital rights management (DRM) solution provides encryption, security and policy management to the data itself, no matter where it goes. Fortra’s data security solutions help meet a wide variety of encryption needs. |