Federal Information Security Modernization Act (FISMA)

The Federal Information Security Modernization Act protects federal services and operations. Federal agencies should comply with FISMA and secure confidential federal information.

FISMA mandates federal agencies and those that work closely with them to set up an inventory, categorize information, asses risks, and come up with a security plan to tackle and implement security controls.

With the help of M365 Manager Plus, monitor your Microsoft 365 environment and obtain comprehensive reports on all objects, user logon activity, and more to become FISMA compliant.

The following table lists the FISMA compliance requirements and M365 Manager Plus reports that help meet them.

Section	Description	Reports
AC-7 (a)	Unsuccessful logon attempts- The information system enforces a limit of consecutive invalid logon attempts by a user during the specified time period.	User Logon Activity Recent Logon Failure
AC-9	Previous logon (access) notification: The information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access).	Recent Successful Logon User Logon Activity
AU-1	Audit and accountability policy and procedures	Azure Admin Activity Exchange Admin Activity Malware Detections Spam Detections
AU-2	Audit events	Azure Admin Activity Exchange Admin Activity Malware Detections Spam Detections
IA-4	Identifier management	User Logon Activity Recent Successful Logon Recent Logon Failure OneDrive Events Log
IA-5	Authenticator Management	OWA Logon by Users Exchange Admin Activity Azure Admin Activity

Steps to generate FISMA compliance reports in M365 Manager Plus

1. Log on to M365 Manager Plus and navigate to the Reports tab.
2. In the left pane, click Compliance Reports.
3. Under FISMA, click the report that you wish to generate.
4. Select the desired domain(s) and click Generate Now.