 
Security Workplace FISMA Assessment

FISMA ASSESSMENT

The Federal Information Security Management Act of 2002 (FISMA), also known as Title III of the E-Government Act of 2002, regulates federal information security. FISMA places greater management responsibility for information security on agencies and provides for significant oversight by the legislative branch.

Security Workplace offers the following services to assist government agencies with compliance to FISMA information security standards:

  • Implementation of plans to reduce the risk to the government's information assets.
  • Development of an agency-wide efficient and measurable security program.
  • Design and creation of managed service for tracking and reporting.
  • Assistance with understanding evolving FISMA law and compliance requirements.
  • Assistance with the creation of an annual report to OMB and Congress on compliance with FISMA requirements.
  • The creation and maintenance of FISMA required inventory of major systems.

FISMA utilizes NIST Special Publication (SP) 800-37, "Guide for the Security Certification and Accreditation of Federal Information Systems" as its compliance standard. NIST SP 800-37 provides guidelines for certifying and accrediting information systems supporting the executive agencies of the federal government. NIST SP 800-37 applies to all federal information systems in addition to those systems designated as national security systems as defined in FISMA.

The certification and accreditation package consists of the following documents:

  • System security plan
  • Security assessment report
  • Plan of action and milestones

The key document for the certification and accreditation process is the System Security Plan (SSP), detailed in NIST Special Publication 800-18, "Guide for Developing Security Plans for Information Technology Systems."

The purpose of the SSP is to:

  • Provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements.
  • Delineate the responsibilities and expected behavior of all individuals who access the system.

Security Workplace can help you comply with your FISMA requirements by performing the following tasks:

  • Categorize the information system
  • Select set of minimum (baseline) security controls
  • Refine the security control set based on risk assessment
  • Document security controls in system security plan
  • Implement the security controls in the information system
  • Assess the security controls
  • Determine agency-level risk and risk acceptability
  • Provide documentation to support authorizing information system operation
  • Monitor security controls on a continuous basis