What is FISMA?
The Federal Information Security Management Act (FISMA) (2002) and its amendments established the information security requirements to which federal agencies, state agencies administering federal programs and any and all relevant subcontractors must adhere. Introduced as part of the larger E-Government Act (2002), it requires all covered organizations to have in place a properly documented, annually reviewed, cost-effective information security program covering all relevant policies, processes and procedures.
What does FISMA compliance look like?
National Institute of Standards and Technology (NIST) Special Publication 800-53 outlines the rigorous set of requirements that must be met to obtain and maintain FISMA compliance. These involve a fully documented, implemented and regularly assessed security plan/program that includes, but is not limited to: the proper risk-based categorization of protected information, so that the most sensitive information is protected most rigorously; a full inventory of all systems and of any other systems with which they are integrated; regular risk assessments at the organization, process and system level; appropriate, effective security controls; and certification, accreditation and continuous monitoring of the security controls in place.
How can Pointe Solutions help you with your FISMA compliance?
The team at Pointe Solutions is here to help you achieve and maintain FISMA compliance by developing, implementing and documenting an information security program that ensures the proper standards are met and monitored. We can support you every step of the way, partnering with you to provide a full range of services including system inventory, risk-based information categorization, as-is/current-state security analysis and NIST standard gap analysis, preparation audits, technical tests and scans, and consulting and advice to achieve and maintain compliance without losing the all-important management focus on day-to-day business and operations.