How ObserveIT Helps You Address FISMA
Compliance Requirements
Do You Need to Demonstrate FISMA Compliance?
The Federal Information Security Management Act (FISMA) requires U.S. government agencies to
implement and document programs to protect the confidentiality, integrity, and availability of IT
systems. Because of its role in national security, it is highly scrutinized by government regulators,
as FISMA requires each federal agency to develop, document and implement a program to provide
security for the data and IT systems that support its operations and assets.
How ObserveIT Helps You Address FISMA
Compliance Requirements
“We enjoy showing off to
our customers that every
user action is recorded. This
increases confidence
all around.”
Rick Beecroft, Area Manager,
Americas and Pacific Rim
ObserveIT can help any organization satisfy its FISMA requirements within minutes. With detailed
logs and visual recordings of all user activity—on any server, workstation or application—ObserveIT
exceeds the strictest interpretation of FISMA requirements with conclusive evidence for
compliance auditors. These audit reports can be completed in a fraction of the time, with the ability
to instantly search, analyze and view the actual video-like playback of the pinpointed session.
Here’s how ObserveIT addresses specific FISMA compliance regulations.
“Perform a gap analysis to establish security controls baseline. ”


ObserveIT captures a detailed textual log plus visual recordings of every user action, with
logs generated for every application, including those without their own internal logs.
Showing exactly what the user did – not just the underlying results – IT auditors can track
files opened, windows viewed and other specific UI activity.
ObserveIT offers a zero-gap recording of Windows and Unix/Linux sessions over any
remote connection protocol plus local console.
activity analytics within systems
“Perform a risk assessment of security controls.”


ObserveIT’s threat detection console, customizable recording policies greatly increases
your ability to identify potential problems and stop outages before they even start.
Identify, asses, correct, and prepare for future incidents using ObserveIT’s searchable
logging capabilities and video summaries. All visual and textual metadata logs are tied to
the specific user, providing visibility into all past and real-time events.
“Create a security system plan and documentation.”

ObserveIT offers a ‘just-in-time policy messaging’ feature that delivers important
messages and updates about corporate policies generally, or for specific applications and
servers. This ensures that all users have read and agreed to the security policies and
procedures before logging on, and are aware of either general or specific policies. This
feature can also deliver critical information to remote users each time they log on.
“Perform an audit of the security controls to determine effectiveness.”

ObserveIT provides an unequivocal audit trail of user activity and bulletproof evidence as
to who worked on what servers. Because of this, you can easily conduct root cause analysis
to find changes or use the advanced keyword search, which allows you to search by
applications, user names, windows, text typed and more.
“Monitor security controls on a continual basis.”

With ObserveIT, every application has a compliance audit log component, regardless of
that application’s origin. It also offers the flexibility to grow and deploy new applications
at any given time, without needing to deploy new audit protocols.
Contact us at: [email protected] | 1-800-687-0137 | www.observeit.com