Tripwire provides you the updated controls and assessment capabilities to keep up with changing compliance requirements while combating cyberattacks.
NIST 800-53
This fundamental FISMA guide provides detailed security control requirements for federal systems to be certified and accredited. Meeting and maintaining compliance to this core regulation can be challenging. Tripwire provides both key security controls and the means to monitor compliant status though continuous monitoring and workflow support of Plan of Action and Milestones (POAM).
NIST 800-171
This NIST guide describes a security control framework that is required for all non-federal entities that store and hold federal Controlled Unclassified Information (CUI) data. This includes contractors, system integrators, state and local governments and schools. Tripwire products can be used today to meet many of the NIST 800-171 core requirements.
Risk Management Framework (RMF)
FISMA compliance requires using a risk-based approach to systems security management. The Risk Management Framework (RMF) is a practice that adjusts security controls based on risk factors. The process involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security.
RMF provides the outline for the security accreditation process and Authority to Operate (ATO) of government systems. RMF guidance comes from a number of sources including NIST 800-37 and the DODI 8510.01. Tripwire’s support of the RMF comes from its ability to provide fundamental controls and comprehensive context to assess the risks outlined in RMF.
Learn More About NIST & Other Compliance Mandates:
FedRAMP/Cloud Support
FedRAMP is a program designed to help federal organizations move FISMA type certification into the cloud. It offers standardized, reusable certification of implementations of specific services by specific cloud providers. Tripwire’s ability to support hybrid physical and virtual environments provides the means for agencies to use Tripwire as part of their data center consolidation and FedRAMP environments.
Standard Policies Supported
Tripwire provides configuration hardening guidelines, policy assessment and remediation assistance on many standard policies and frameworks useful to the Federal Government. See the complete list of policies and platforms supported.
Product Validations & Certifications
Tripwire maintains the following product validations and certifications:
- SCAP validation
- Common Criteria certified
- Section 508 VPAT
- FIPS 140-2 certified