About OpenFISMA

The robust research and development (R&D) efforts at Telesis deliver innovative solutions to exceed our clients’ expectations.  We understand that it is vital for our clients to meet regulatory requirements to mitigate risk to their network and our nation.

Telesis develops risk management tools such as OpenFISMA, an open source application designed to reduce the complexity of, and automate, the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).  Specifically, many of the IT security controls within NIST Special Publication (SP) 800-53 can be automated through configuration settings.  OpenFISMA enables Federal agencies to benefit from this automation, breaks down complex SPs for easier compliance and eases the Office of Management and Budget (OMB) reporting requirements.

OpenFISMA goes beyond the strict legal requirements to create a comprehensive, modular approach to IT security management.  The modular design makes it easy for users to access the tools that they need, such as the Findings module.  One of the primary FISMA requirements is for Federal Agencies to track, manage, and monitor agency Plans of Actions and Milestones (POAMs) for security findings and control deficiencies.  The Findings module makes this information easily accessible and organized.  We constantly profile and optimize the back end to ensure ease-of-use and speed through Agile software development.  We continuously develop OpenFISMA through short iterations to deliver new releases that will immediately benefit our clients.  Following the Agile Manifesto, we focus on the current iteration before moving forward to the next.  This enables us to address the lessons learned from the previous iterations sooner rather than later.

OpenFISMA is open source software licensed under the GNU Public License v3 (GPL3).  This license allows anybody, anywhere to download and view the source code, modify it, repackage it, and redistribute it.  The main requirement of this license is that any modifications that are made must be shared back to the community.  In this way, the software remains free and open forever.  This license offers a number of advantages for Federal Agencies, such as the absence of vendor lock-in, distributed cost and security through transparency.