Are there automated tools to support FISMA implementation and efficient and affordable generation of certification and accreditation evidence?
Yes. There are many emerging automated support tools that can help federal agencies implement and assess security controls necessary for FISMA compliance. Many of the technical security controls in NIST Special Publication 800-53 that have security configuration settings can benefit from the automated testing procedures being developed under the multi-agency Information Security Automation Program using the Security Content Automation Protocol. Automated support tools for the management and reporting of FISMA-related information are also available under the OMB Line of Business initiative.