Our cost-competitive FISMA assessment and advisory services help you meet your FISMA authorization needs. The process, based on the control selection for the level of impact system provided, closely follows the NIST Risk Management Framework (RMF). From controls mapping of various environments, to documentation development for a system security plan (SSP), to security testing and plan of action and milestones (POA&M) management, we can do it all.

Our FISMA compliance services help you:

• Effectively manage risk by integrating security into current and future architectures.
• Implement a comprehensive and secure compliance program by developing a strategic roadmap.
• Maintain high assurance that required policies, documentation, and procedures meet compliance standards.
• Understand the requirements to prepare or assess your solution for FISMA compliance.
• Meet stringent compliance standards and ensure that a comprehensive framework exists for security and risk management.

FISMA assessment

Assess, test, and review your information systems with our in-depth testing and assessment capabilities, including:

• FIPS 199 categorization, FIPS 200, and agency control selection
• Assessment of security controls
• Penetration testing
• Wireless and mobile security assessments
• Source code reviews
• Application, database, and infrastructure vulnerability scanning and results interpretation
• Authorization recommendation of system and continuous monitoring
• Security assessment plan (SAP), rules of engagement (ROE), security assessment report (SAR), and POA&M development

FISMA advisory

Build security into your IT deployments with our technology consulting services, which include:

• Architecture and system boundary assessments
• Architecture optimization and modernization
• Configuration management administration and operations
• IT security and controls program development
• Network design and third-party service provider evaluations
• Scan tool configuration review
• Inventory validation and analysis
• Analysis of vulnerability scan results and POA&M validation
• Business practice recommendations
• Contingency system planning and additional guidance based on your agency’s requirements
• Compliance program pre-assessments
• FISMA documentation development, including SSP, contingency plan (CP), incident response plan (IRP), configuration management plan (CMP), privacy impact assessment (PIA), and FIPS 199 security categorization, policies, procedures, etc.
• Continuous monitoring support, including periodic continuous monitoring reporting