FISMA Support

The Federal Information Security Management Act (FISMA) was enacted in 1982, and requires all federal agencies "to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency." In support of FISMA compliance, the National Institute of Standards and Technology (NIST) has developed a Risk Management Framework (RMF), including a set of Federal Information Processing Standards (FIPS), that government agencies are required to use in order to achieve compliance. Additionally, many non-governmental and commercial organizations have voluntarily adopted FISMA in order to achieve the high level of information security assurance that compliance provides.

We work directly with Data Owners to determine the best way to secure complex systems. This requires a detailed understanding of business processes, information system boundaries, and complex technologies. While many FISMA compliance assessment vendors simply follow a basic routine and process, 1ClickSecurity looks for ways to improve key processes during every engagement, starting with a focus on defining the scope of the assessment and working with the client to plan the assessment/Security Authorization project in a comprehensive and efficient manner.

Some of our key support areas include:

  • System Security and Privacy Plan development
  • FedRAMP Controls
  • FIPS 199 & FIPS 200 determinations
  • Plan of Action and Milestones (POA&Ms)
  • CSAM Support
  • Enumeration of threat vectors and actors
  • Security requirements sourcing & analysis
  • Security architecture and design reviews
  • Application security code reviews
  • Security/vulnerability testing
  • Penetration testing