By Mandate


The Federal Information Security Management Act of 2002, or FISMA, requires the protection of data that is created, stored or accessed by the federal government.

Divide and Conquer

Federal information systems contain confidential information and are subject to frequent threats, thus necessitating FISMA, although skills-starved government agencies have experienced consistent difficulties shoring up their weaknesses. The good news is Trustwave can help you respond to FISMA's prescriptive requirements.

FISMA: Fast Facts and Consequences

  • FISMA decrees that a comprehensive information security program should include, among other things, continuous monitoring and procedures for detecting, reporting and responding to incidents.
  • The Federal Information Security Modernization Act of 2014 amended the Federal Information Security Management Act of 2002 with several changes, including introducing incident reporting requirements and invoking authority for the U.S. Department of Homeland Security.
  • The federal Office of Management and Budget annually reports to Congress on the status of FISMA compliance across the federal government. (FISMA also applies to state government agencies that administer federal programs, in addition to private vendors that maintain contracts with the federal government.)
  • Penalties for non-compliance include reduction in federal funding and censure from future contracts by Congress, as well as possible reputational harm should an incident occur.
Research Report

2019 Trustwave Global Security Report

Cybercriminals and nation state actors are constantly refining their attack techniques, probing for weaknesses to exploit and adding to their arsenals for the sole purpose of cracking your environment to steal data and cause serious disruptions. The 2019 Trustwave Global Security Report is a comprehensive data-driven guide on the shifting threat landscape for keeping organizations informed and one step ahead of today’s digital marauders.

Get Your Copy Now

End-to-End Coverage.

  • Dashboard Portal Icon

    Tailored for Your Organization

    Our risk governance framework, powered by compliance and security expertise, will help identify your gaps and let you know what you need to do to get secure and compliant.

  • Call Center Person Icon

    Extensive and Experienced Support

    In addition to being a qualified security assessor, Trustwave is a qualified Payment Application Data Security Standard (PA-DSS) assessor, point-to-point encryption (P2PE) assessor, approved scanning vendor (ASV) and a PCI forensic (PFI) investigator.

  • Compliance Management Icon

    Security Portfolio Enables Compliance

    The award-winning Trustwave Fusion platform is the foundation for delivering centralized, integrated and on-demand management of PCI compliance and security programs.

  • SpiderLabs Icon

    Supported by Industry-Leading Threat Intelligence

    Our elite SpiderLabs team and federated global network of advanced security operations centers produce unique threat intelligence that helps us prevent, monitor and respond to security events.


Through a comprehensive portfolio designed to respond to modern-day security threats, Trustwave helps government agencies ensure compliance with FISMA requirements.

Managed Security Services

Augment your existing staff with managed security services that evolve processes, elevate data protection strategies and advance the way you monitor for, detect and respond to threats. With deep expertise and unmatched threat intelligence, we will design a program that supports your security and FISMA demands, while giving you complete visibility and control.

Managed Security Testing

Receive on-demand, precision-based penetration testing with just a few clicks of a mouse. With a subscription, you can log in to the portal and schedule testing of vulnerabilities in databases, networks and applications.

Enterprise-Grade Data Security

Identify security lapses and ensure your information repositories stay protected from internal gaffes and nefarious attackers, while maintaining compliance with FISMA.

Incident Readiness and Response

Prepare for and react to security incidents and breaches with the help of our SpiderLabs team, who identifies root causes of incidents and communicates responses in a way your team and management can understand.