What is FISMA?
- Arlington Security Portal
The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. In 2014, President Barack Obama signed into law the Federal Information Security Modernization Act, which amended the 2002 Federal Information Security Management Act. In short, the amended law is still called FISMA.
While FISMA is the law, the all-important NIST SP 800-53 publication is the official standard for complying with FISMA. Lastly, the NIST Risk Management Framework (RMF) is a comprehensive, flexible, risk-based approach and process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle; it is the process organizations are to follow when working towards FISMA compliance.
FISMA also has three different IMPACT levels - HIGH, MODERATE, and LOW. Determining which IMPACT level you need to comply with often begins by assessing your external compliance requirements - and more specifically - who is asking you to become FISMA compliant.
From Beginning to End, Complete Project Management for FISMA
With Arlington, we can manage your entire FISMA compliance engagement from beginning to end (i.e., from the initial FISMA scoping and gap assessment to post-Authorization to Operate (ATO) activities), providing the essential services for getting you to the finish line in terms of FISMA compliance. Core services and solutions offered include the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Independent Security Assessment Reports (SAR)
- Continuous Monitoring (ConMon) Services