FISMA assessment and advisory services


The Federal Information Security Management Act (FISMA) is a federal law designed to raise the security posture of federal agencies, bureaus, and departments, the information systems they operate, and their supporting entities, such as vendors and subcontractors.

Vendors and subcontractors that provide information systems to agencies must prove, through an annual assessment, that they meet FISMA requirements. This process involves working directly with each agency to obtain an authority to operate (ATO) and to be assessed against controls selected on the basis of FIPS 199, FIPS 200, and NIST SP 800-53 Revision 4.


Meet your FISMA authorization needs

Our cost-competitive FISMA assessment and advisory services help you meet your FISMA authorization needs. The process, based on the control baseline selected for the system's impact level, closely follows the NIST Risk Management Framework (RMF). From mapping controls across various environments, to developing documentation for a system security plan (SSP), to security testing and plan of action and milestones (POA&M) management, we can do it all.

Our FISMA compliance services help you:

  • Effectively manage risk by integrating security into current and future architectures.
  • Implement a comprehensive and secure compliance program by developing a strategic roadmap.
  • Maintain high assurance that required policies, documentation, and procedures meet compliance standards.
  • Understand the requirements to prepare or assess your solution for FISMA compliance.
  • Meet stringent compliance standards and ensure that a comprehensive framework exists for security and risk management.

FISMA assessment

Assess, test, and review your information systems with our in-depth testing and assessment capabilities, including:

  • FIPS 199 security categorization, FIPS 200 minimum requirements, and agency control selection
  • Assessment of security controls
  • Penetration testing
  • Wireless and mobile security assessments
  • Source code reviews
  • Application, database, and infrastructure vulnerability scanning and results interpretation
  • Authorization recommendation for the system and continuous monitoring
  • Security assessment plan (SAP), rules of engagement (ROE), security assessment report (SAR), and POA&M development

FISMA advisory

Build security into your IT deployments with our technology consulting services, which include:

  • Architecture and system boundary assessments
  • Architecture optimization and modernization
  • Configuration management administration and operations
  • IT security and controls program development
  • Network design and third-party service provider evaluations
  • Scan tool configuration review
  • Inventory validation and analysis
  • Analysis of vulnerability scan results and POA&M validation
  • Business practice recommendations
  • System contingency planning and additional guidance based on your agency’s requirements
  • Compliance program pre-assessments
  • FISMA documentation development, including SSP, contingency plan (CP), incident response plan (IRP), configuration management plan (CMP), privacy impact assessment (PIA), and FIPS 199 security categorization, policies, procedures, etc.
  • Continuous monitoring support, including periodic continuous monitoring reporting

Why choose Coalfire for FISMA authorization support?

  • We are the leading accredited FedRAMP® 3PAO assessing cloud service providers against NIST SP 800-53 Revision 4 as part of their FedRAMP authorization process. Accreditation was awarded based on demonstrated competence in assessing organizations for NIST SP 800-53 compliance to meet FISMA.
  • We have helped organizations achieve FISMA authorization from agencies such as the Social Security Administration, Department of Justice, General Services Administration, Health and Human Services, Department of Homeland Security, and others.

Contact us to improve your cybersecurity posture