I am in the planning stages of building a "target" environment that meets FISMA compliance regulations. I have plotted and designed the target equipment costing and the Gap Analysis/Risk Assessment; however, I was curious as to what controls I should consider looking at.
My environment will be private (no public facing access), with 2 IIS boxes, 1 SQL box, 1 AD box, 1 Barracuda backup box, and a XenServer to host 30 XenDesktop machines.
I have been looking into LogRhythm for SIEM, TrendMicro for Endpoints, Tripwire for Integrity, SAINT for Vulnerability Scanning, and ScriptLogic for AD controls/reporting.
Obviously, there is no "magic bullet" that will cover ALL of the controls. My goal is to cover as many security controls as I can with as few vendors as possible.
Are there any other recommendations or other controls that I should be looking at?