FISMA

fisma draasRecovery Point has implemented the Federal Information Security Management Act of 2002 (FISMA) to provide a high level of protection for our Hosting environment. Recovery Point is, in fact, proud to offer one of the few FISMA compliant hosting environments nationally, providing our clients with a secure, predictable and trustworthy Hosting environment in which to install their mission critical systems. We believe this also helps prospective clients make informed, risk-based, procurement decisions by knowing precisely what security measures a provider has implemented, as demonstrated in the provider’s audited processes and third party security controls assessment (SCA).

FISMA requires Recovery Point to implement, continuously monitor and audit an extensive set of security configurations and controls to protect the critical infrastructure components of the Hosting environment. Boundary protection controls include FISMA compliant policies and procedures, intrusion detection systems, multi-factor authentication, and routine vulnerability scans of the more than 200+ FISMA controls in place. The boundary helps to detect and prevent malicious intrusions into our network enclave, reducing the threat of a client-impacting event from telecomm/IP/network based cyber-attacks.

To verify compliance with the NIST 800-53 Guide for Security Controls for Information Systems, Recovery Point has undergone a rigorous third-party SCA. Conducted over a 12-week period, the SCA involved the collection, examination and testing of more than 250 security-related management, operational and technical controls to verify they were designed, implemented and operating as intended by FISMA guidance. The results are documented in a detailed security assessment report. Recovery Point has implemented a rigorous, continuous monitoring program to detect, document and report all potential security incidents in accordance with our FISMA System Security Plan.