CMx Federal
CloudCheckr has launched CMx Federal—designed for any organization that must adhere to federal IT security standards.
CMx Federal is inspired by:
- the Federal Information Security Management Act (FISMA)—a US law enacted in 2002 that outlines a framework to protect government information, operations, and assets from natural or man-made threats
- the Federal Risk and Authorization Management Program (FedRAMP)—a US government program that provides standards on security assessment, authorization, and monitoring of cloud-based resources
Features
The table identifies some of the key features in this product:
| Feature | Details |
| --- | --- |
| Controls | |
| Uptime and Availability | |
| Managed by Approved Staff | |
| Frequent Software Updates | |
| Corporate Compliance Friendly | |
| Fast Purchase Approval | |
NIST 800-53 Controls
NIST 800-53 refers to the special publication and database of the same name, which are created and maintained by the National Institute of Standards and Technology (NIST), a division of the US Department of Commerce.
NIST 800-53 Controls represent the security controls and associated assessment procedures defined in NIST SP 800-53 (Revision 4) Recommended Security Controls for Federal Information Systems and Organizations.
Control Families
CMx Federal includes the following control families, which support the development of secure and resilient federal information systems:
- Access Control (AC)
- Audit and Accountability (AU)
- Awareness and Training (AT)
- Configuration Management (CM)
- Contingency Planning (CP)
- Identification and Authentication (IA)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Personnel Security (PS)
- Physical and Environmental Protection (PE)
- Planning (PL)
- Risk Assessment (RA)
- Security Assessment and Authorization (CA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
- System and Services Acquisition (SA)
- Multi-Factor Authentication (MFA) access requirement
- High availability and contingency planning
- Minimum of three data and system backups
- Encryption validated by the US government computer security standard, Federal Information Processing Standard (FIPS) Publication 140-2
- Encryption of all data at rest and in transit
- Regular assessment by a third-party assessment organization to ensure NIST 800-53 compliance—including monthly reviews of Threat and Vulnerability Management
- Domain Name System Security Extensions (DNSSEC) support
- Infrastructure that meets and adheres to NIST 800-53 controls
- Additional security monitoring including intrusion detection, file integrity, and AI-based threat detections