The Federal Information Security Management Act, more commonly referred to as FISMA, is a United States federal law requiring federal agencies, departments, and their supporting entities (vendors and contractors) to develop, document, and implement an information security and protection program.

As such, FISMA is one of the most important regulations for federal data security standards and guidelines. Here’s how we achieve compliance for our clients:

  • FISMA workshops and authorization roadmap development
    • Overview of the FISMA authorization process
    • CUI and boundary review and scoping
    • ROI identification and justification
    • Assistance with discussions with potential or current agency AOs
    • Tailored educational sessions for key stakeholders and executives
    • Development of detailed roadmap for authorization
    • Security and controls program development
    • Alignment to existing controls frameworks
  • Gap assessments
    • Overview of the FISMA authorization process and timeline
    • Review of boundary and data flow documentation
    • Identification of gaps in the current NIST 800-53 control implementations
    • Development of risk-ranked recommendations and future state roadmap
  • FISMA documentation and remediation support
    • Security policy and documentation development
      • System Security Plan
      • Incident Response Plan
      • Contingency Plan
      • Configuration Management Plan
      • Privacy Impact Assessment
      • FIPS 199 categorization
      • All supporting policies and procedures
    • Remediation of identified gaps and deficiencies
  • Assessment/audit coordination and support
  • Continuous monitoring development and execution
  • Vulnerability scanning and penetration testing
