FISMA compliance requires agencies and companies doing business with the government to face a dual responsibility
FISMA (Federal Information Assurance Management Act) Background
The National Institute of Standards and Technology (NIST) was tasked with formulating and publishing standards for all federal agencies to follow when developing information security policies and procedures. NIST produced FISMA to standardize a process for IT security policy development focused on government operations.
FISMA requires each U.S. government agency to develop, document and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
Each phase in the FISMA security certification and accreditation process consists of a set of well-defined tasks and subtasks that are to be carried out, as indicated, by responsible individuals (e.g., the Chief Information Officer, authorizing official, authorizing official’s designated representative, senior agency information security officer, information system owner, information owner, information system security officer, certification agent, and user representatives).
Praetorian Secure’s approach to FISMA Accreditation
Over several years of working with the DoD and being actively involved in high-level commercial working groups, we are fully aware of current trends and active FISMA-related guidance. Equipped with this knowledge, Praetorian Secure has developed its own approach to preparing clients for positive accreditation, with the Risk Management Framework at its core.
Parts of the FISMA program include:
- Initiation Phase – preparation; notification and resource identification; and system security plan analysis, update, and acceptance
- Security Certification Phase – security control assessment and security certification documentation
- Security Accreditation Phase – security accreditation decision and security accreditation documentation
- Continuous Monitoring Phase – configuration management and control, security control monitoring, and status reporting and documentation
In meeting compliance, agencies face a dual responsibility. The first is to meet the specific requirements established by NIST in support of the FISMA requirements; the second is to be able to provide a risk-appropriate level of assurance that critical information security controls are operationally effective and producing the intended outcomes.
Call Praetorian Secure Today
As threats change, corporations must take a proactive and agile approach to information security. Information security is an ongoing process, because the threats to your information systems are constantly changing.
Whether you are implementing a new system, building out a new network or updating an existing system or infrastructure, Praetorian Secure will provide the expertise to ensure proper security design and implementation compliant with FISMA or NIST 800-53.