Praetorian Secure

Regulatory Compliance


FISMA Compliance



Praetorian Secure continues to provide its clients with competent regulatory compliance services and can make sure your organization achieves a positive accreditation under the Federal Information Security Management Act of 2002 (FISMA). After the E-Government Act (Public Law 107-347) was signed into law by the President in December 2002, the National Institute of Standards and Technology (NIST) was tasked with formulating and publishing standards for all federal agencies to follow when developing information security policy and procedures. NIST produced FISMA to standardize a process for IT security policy development focused on government operations. FISMA requires each U.S. government agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Parts of the program include:

 

  • Initiation Phase - preparation; notification and resource identification; and system security plan analysis, update, and acceptance

  • Security Certification Phase - security control assessment and security certification documentation

  • Security Accreditation Phase - security accreditation decision and security accreditation documentation

  • Continuous Monitoring Phase - configuration management and control, security control monitoring, and status reporting and documentation



In meeting compliance, agencies face a dual responsibility. The first is to meet the specific requirements established by NIST in support of the FISMA requirements; the second is to provide a risk-appropriate level of assurance that critical information security controls are operationally effective and producing the intended outcomes. Praetorian Secure can guide your organization through the FISMA Certification and Accreditation process and evaluate your compliance with all control areas.

For more information: http://www.nist.gov