FISMA compliance is now one of the top three security concerns for federal CISOs.

Storage Encryption for Government - FIPS Certified Security for Government

Questions? Contact our
Federal Sales Specialists today.

Government Solutions Datasheet NeoScale Solutions Brochure

Learn about NeoScale Products

2007 GCN Online Survey: Tracking Storage Security

Volume and Scope without Comparison

The sheer volume of information held in government information systems is astonishing. Consider that the federal government is the largest employer in the U.S., with a 1.9 million-member workforce. Add to the mix a warehouse of information about nearly every U.S. citizen and the scale becomes difficult to conceive.

The scope of information is also daunting – everything from highly classified national security secrets to the details of John Doe's last income tax return must be stored and protected. Combine these factors with an organization that spans more than 75 different federal agencies – each with its own information systems – and the security challenge is nearly beyond comprehension.

Government Security Breaches Come into the Spotlight

Even though the government is a prime target, it is not often found in the media spotlight concerning personal information threats. All that, however, is changing. The Internal Revenue Service (IRS) recently ordered a security review of its data aggregator, the same company that allowed criminals to access the personal data of 145,000 people. That move came shortly after the Government Accountability Office (GAO) cited the IRS with 39 new information security weaknesses, in addition to 21 previously identified and uncorrected problems. The Department of Homeland Security has come under fire too, with the GAO reporting that its systems are not up to federal information security standards. These problems are not limited to federal agencies. For example, thieves broke into a Nevada Department of Motor Vehicles office last year and stole personal information of approximately 8,738 citizens.

FIPS Certification a “Must Have” for FISMA Compliance

Setting standards to meet the federal information security challenge is under the purview of the White House Office of Management and Budget (OMB). The OMB, seeking to cap security flaws across all federal agencies, enacted the Federal Information Security Management Act (FISMA) as part of the 2002 e-Government Act. FISMA requires each federal agency to implement comprehensive information security policies and practices. The standards are quite strict and, as a result, FISMA compliance is now one of the top three security concerns of federal chief information security officers (CISOs). ¹

To become FISMA compliant, government agencies must tackle access control, audit and accountability, configuration management, and identification and authentication issues – automating the security process in order to submit annual security system assessments to the OMB. The Federal Information Processing Standard (FIPS) defines identity authentication security requirements needed for FISMA compliance. FIPS I40-2 Level 3 certification provides the highest levels of security assurance, employing advanced security measures including physical tamper resistance, identity-based authentication, key encryption, and “red-black separation” for keys and data.

Only One Company Delivers Appliance-Level FIPS I40-2 Level 3 Certification

NeoScale Systems, Inc. is the only company to offer storage security appliances with top-to-bottom, appliance-level FIPS I40-2 Level 3 certification. NeoScale's FIPS security extends from hardware components to the operating system and reaches out to system-level user-access control and key management features for both primary storage and SAN extension applications. The NeoScale CryptoStor^® storage security appliances automate encryption key management, access control, and authentication – making it possible to meet government requirements for the protection of varying tiers of sensitive data. Using NeoScale centralized management features, government agencies can consolidate the storage infrastructure while at the same time isolating tiers of data, thereby ensuring that only the right information becomes available to the right users in the right way.

NeoScale Solutions – Seamless. Reliable. Secure.

NeoScale, the industry leader in enterprise storage security, delivers CryptoStor storage security appliances that are purpose-built to provide ubiquitous, immediate, and transparent protection of storage data regardless of application, transport, media type, or location – with the lowest latency delays and minimal impact on response time.

CISOs are justifiably concerned about the complexities that encryption can impose on performance and the overall storage infrastructure. However, NeoScale's storage security appliances not only operate with nearly no impact to performance, they automate and simplify the procedures required for access control, audit and accountability, as well as identification and authentication.

NeoScale enables CISOs to securely automate the transfer and recovery of information from primary or secondary storage and minimize operational complexity at the lowest possible cost. Easy to deploy, NeoScale's CryptoStor enterprise-class solutions offer high-speed security that can selectively compress, encrypt, and authenticate data.