COMPLIANCE ASSESSMENT & VALIDATION (CAV) CENTER OF EXCELLENCE (COE)
FISMA Compliance Assistance
The Federal Information Security Management Act of 2002 (FISMA) was enacted as Title III of the E-Government Act of 2002 and was intended to improve computer and network security within the Federal Government. FISMA established a set of processes that must be followed for all information systems used or operated by a U.S. federal agency, or by a contractor or other organization on behalf of the agency. The processes are guided by Federal Information Processing Standards (FIPS) documents, special publications issued by the National Institute of Standards and Technology (NIST), and pertinent legislation (HIPAA, GLB, Privacy Act of 1974, etc.). Within the Department of Defense, many of the Services have published additional FISMA Implementation Guidance to assist component organizations and agencies with maintaining performance within the FISMA requirement and reporting areas.
Our highly seasoned staff of analysts and engineers can assist you whether you’re faced with completing certification and accreditation activities and tasks or merely conducting the annual security controls and system security reviews required by FISMA. We can assist you with any facet of FISMA, including determining information types and performing FIPS 199 categorization, documenting the system, performing a risk assessment, selecting and implementing security controls, completing certification and accreditation of the system, monitoring security controls, recommending corrective or mitigation actions, registering the system, and preparing or updating a Plan of Action and Milestones (POA&M). Our staff possesses active government security clearances and can travel to perform the work anywhere in the United States and in many overseas locations. For Air Force customers, we can respond quickly to help you comply with the Air Force FISMA reporting guidance letter and implementation guidance attachments published by the AF CIO.