Watchfire to release FISMA compliance product

Watchfire Corp., a vendor of online risk management software, will on Monday release a new product designed to help U.S. government Web sites comply with a broad range of security, privacy and other federal regulations.

The eGov Compliance module of Watchfire’s WebXM compliance auditing tool targets requirements in the Federal Information Security Management Act (FISMA), passed by the U.S. Congress in 2002, as well as other Web mandates from the White House Office of Management and Budget (OMB).

Unlike some other FISMA compliance products, the Watchfire tool focuses on Web site standards, as opposed to other parts of government agencies’ IT assets, said David Grant, senior director of product development for Watchfire. “A Web site is more and more part of your critical IT infrastructure,” Grant said. “It’s a growing piece of FISMA.”

Watchfire’s announcement comes after the U.S. House of Representatives Government Reform Committee released its annual grades for cybersecurity and FISMA compliance at 24 large federal agencies. Eight agencies, including the departments of Defense, State and Homeland Security, received failing F grades, and another five agencies received grades between D+ and D-. Seven agencies, including the Department of Labor and the Social Security Administration, received grades of A- or better.

While Web site security isn’t the only IT area measured by FISMA, it can be a problem for many agencies, Grant said.

A Watchfire survey of the 20 largest U.S. government agencies this quarter found that 11 percent of agency Web sites contained third-party cookies, 32 percent of sites contained first-party cookies with no user privacy preferences enabled, and 11 percent of sites used third-party images containing cookies that track user activity, Watchfire said. In addition to those FISMA violations, Watchfire found violations of other OMB rules, including broken links at 19 percent of the government Web sites, missing search engine metadata at 80 percent of the sites, and slower-than-acceptable page loading times at 81 percent of the sites.

WebXM, using a Web-based reporting tool, is designed to automate the auditing and analysis of FISMA security and privacy rules, as well as OMB requirements for Web site quality and accessibility, Watchfire said. The tool also has an automated inventory function to help agencies to comply with FISMA rules on completing IT inventories. The new eGov Compliance also automates the analysis and reporting of OMB guidelines and best practices as defined by the U.S. Interagency Committee for Government Information (ICGI), said Watchfire, a 10-year-old company based in Waltham, Massachusetts.

The dynamic nature of Web sites can make compliance challenging, Grant said. “They’re changing all the time,” he added. “They’re very hard to lock down.”

Watchfire’s eGov Compliance module ships with compliance reports focusing on nine categories of best practices defined by the ICGI Web Content Managers Working Group. They can be customized to an agency’s individual needs in areas such as managing content, search functionality, and site improvements, Watchfire said.

The eGov Compliance module for WebXM will be available Monday. Pricing starts at US $75,000 for software housed on a customer’s computers, and $5,000 a month for a service hosted by Watchfire.