
AppSec Eases Compliance

Application Security announced best-practice policies to help government organizations meet FISMA requirements

WASHINGTON -- Application Security, Inc. (AppSecInc) (www.appsecinc.com) today announced best-practice policies to help government organizations meet the stringent requirements of the Federal Information Security Management Act (FISMA) and the U.S. Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP). AppSecInc made the announcement from the Gartner IT Security Summit, taking place June 5-7 at the Marriott Wardman Park Hotel in Washington, D.C.

These requirements are at least in part a response to the ongoing security breach epidemic -- since February 2005, more than 83 million Americans have had their personal information compromised. Whether the result of human error, insider espionage, or external attacks, no sector has been spared by these breaches, including government agencies. And for government organizations, the impact of these compromises ranges from the disruption of operations, to embarrassing disclosures, to national security risks.

In response to this epidemic, the Defense Information Service Agency (DISA) recently established a new set of security guidelines specific to databases. The Database Security Technical Implementation Guide (STIG) identifies known security vulnerabilities, configuration items, and other issues which must be addressed under the authority of DoD. For instance, Directive 8500.1 mandates that "all information assurance (IA) and IA-enabled IT products incorporated into DoD information systems shall be configured in accordance with DoD approved security configuration guidelines."

Application Security Inc.
