Version: V10

VIDIZMO Compliance Reports

📄️ VIDIZMO Compliance with NIST FIPS 199 and SP 800-60 for Security Categorization

Introduction

FIPS (Federal Information Processing Standards) are a series of standards developed by NIST (National Institute of Standards and Technology) to fulfill security objectives for information regarding the national and economic interests of the United States. These security objectives targeting information and information security are defined by FISMA (the Federal Information Security Management Act), a federal law enacted in 2002.

FISMA tasked NIST with developing FIPS as a framework that contains guidelines and standards for federal agencies that maintain and process information. The NIST FIPS 199 publication provides guidelines for evaluating an organization's information and information systems based on the severity of their impact. As a service provider, VIDIZMO emphasizes data security and confidentiality. This article aims to show how VIDIZMO applications are compliant with the guidelines defined by FIPS 199.

Understanding FIPS 199

FIPS 199 provides a framework or guidelines to categorize information and information systems according to the level of impact caused by a security breach.

Areas Affected by Impact

FIPS defines three aspects to determine the severity of an impact on information or an information system within an organization or federal agency; these are a company's finances; individuals; and a company's mission, image, function, or reputation.

Security Objectives Defined by FIPS 199

FIPS 199 emphasizes the CIA triad (Confidentiality, Integrity, and Availability) as a security objective for information and information systems. A compromise in the integrity, confidentiality, and availability of information and an information system determines the provisional impact level. FIPS 199 describes a breach in the three components as unauthorized disclosure of information Integrity disruption or denial of access to information or an information system.
Provisional Impact Levels in FIPS 199

When assigning a security category for an information system in FIPS 199, a provisional impact level is set for each security objective (which are confidentiality, integrity, and availability). Impact levels determine the extent to which an agency's operations, assets, or personnel may be affected by a compromise in security objectives. The impact levels defined in FIPS 199 are Digital Evidence Management System (DEMS), Enterprise Video Content Management (EVCM), and Redactor.

Impact Levels
Confidentiality: High
Availability: Low
Integrity: Low

C.3.5.3 System Maintenance Information Type

System Maintenance Information type involves all activities and information associated with maintaining in-house software applications. To ensure optimal performance across all its applications, VIDIZMO performs routine testing of all features at set time intervals. Before a new feature is released, it is rigorously tested on multiple stages or environments to ensure it performs optimally and that it does not have a significant negative impact. In addition to testing, VIDIZMO also oversees the maintenance of features that are exclusive to VIDIZMO applications.

Impact Levels
Confidentiality: Moderate
Availability: High
Integrity: Moderate

C.3.5.5 Information Security Information Type

Information Security Information Type addresses the security categorization of policies that an organization follows or implements to secure federal data and systems. To comply with FIPS 200 and FIPS 140-2, VIDIZMO has employed access controls, cryptographic algorithms, and more security measures. VIDIZMO utilizes policies to ensure that these security measures are implemented and maintained correctly. The guidelines outline specifications, steps, and measures for securing the required data.
Impact Levels
Confidentiality: Moderate
Availability: Low
Integrity: Moderate

C.3.5.7 Information Management Information Type

Information Management refers to an organization's ability to effectively coordinate and maintain its information assets. This includes creating guidelines, policies, and standards for the storage and preservation of all types of information within the organization. For VIDIZMO applications, information management is mainly carried out using databases for user information and internal system data.

Impact Levels
Confidentiality: Moderate
Availability: Moderate
Integrity: Moderate

Importance of FIPS 199

Developing Effective and Adequate Security Controls

FIPS is put in place to ensure that organizations, namely federal agencies, can carry out their duties even in case of a data breach. FIPS provides a framework for agencies to effectively gauge the vulnerabilities and impact of specific types of data when it is compromised. Assessment with FIPS 199 allows organizations to develop appropriate control mechanisms and security measures for their data.

Being Informed of New Potential Threats

As information and information systems become more complex, federal agencies must be informed of the ways data can be compromised. FIPS 199 helps with the identification of areas where potential attacks can occur and how they can affect an organization's assets, individuals, reputation, or functionality.

Efficient Division of Security Resources

Assigning data to the appropriate security categories based on its criticality helps agencies implement security controls and mechanisms effectively. This approach allows agencies to allocate their security resources cost-effectively. Conducting a proper information system impact analysis is crucial to avoid overprotecting or underprotecting the information system.
Overprotection can result in a waste of valuable security resources, while underprotection can put critical operations and assets at risk.

Conclusion

FIPS 199 establishes security categories based on the expected magnitude of harm resulting from compromises. Compliance with FIPS 199 prioritizes the information and information systems of an agency.

VIDIZMO follows FIPS 199 to ensure data integrity is maintained and that it is correctly assessed according to the criticality and sensitivity of the information and information systems. The assessment also helps in implementing the proper security measures to protect the information and information systems.

VIDIZMO also complies with the minimum security requirements defined in FIPS 200 to safeguard its information and information system. Visit <a href="VIDIZMO%20Compliance%20with%20Minimum%20Security%20Requirements%20in%20FIPS%20200.md

📄️ VIDIZMO Compliance with NIST SP 800-53

In today's world of advanced technology and digital platforms, where sensitive information is pervasive, ensuring data security is crucial. Breaches can have severe consequences, affecting individuals, organizations, and national security. Compliance with robust frameworks like NIST SP 800-53 is essential, addressing key aspects such as Protecting Sensitive Information, Building Trust and Credibility, Meeting Regulatory Requirements, Reducing Financial Losses, and Enhancing Operational Resilience.