Security Audit

General Information

The Federal Information Security Management Act (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. The Office of Management and Budget (OMB), through Circular A-130, Appendix III, Security of Federal Automated Information Resources, requires executive agencies within the federal government to:

  • Plan for security;
  • Ensure that appropriate officials are assigned security responsibility;
  • Periodically review the security controls in their information systems; and
  • Authorize system processing prior to operations and periodically thereafter.

FISMA C&A Documentation Design and Consulting

Our FISMA documentation package includes preparation of all documentation required by the FISMA C&A Process, in particular:

  • Annual FISMA Report
  • System Security Plan (SSP)
  • Security Categorization Documentation
  • Security Controls
  • Security Policies and Procedures
  • Schedule and Milestones

We also offer FISMA-related consulting on an hourly or fixed-price basis.

FISMA C&A Training

We offer customized FISMA-related training courses, covering the following topics:

  • Certification and Accreditation Process (NIST SP 800-37)
  • Security Categorization (FIPS Pub 199, NIST SP 800-60)
  • Security Controls (NIST SP 800-53)
  • Assessment Methods and Procedures (NIST SP 800-53A)
  • Using the NIST SP 800-53 Database Application
  • Using the Security Self-Assessment Guide (NIST SP 800-26)
  • Completing the Annual FISMA Report

For more information, please contact us at info@aspectlabs.com.