The Federal Information Security Management Act (FISMA) has two primary objectives:
- To keep federal agency IT systems secure while providing electronic access for the public (as mandated by the E-Government Act of 2002, of which FISMA is Title III), and
- To maintain an audit trail of system activity and produce reports that document compliance.
Apex Assurance helps organizations prepare for the nine steps required for FISMA compliance, including:
- Maintaining an inventory of information systems
- Categorizing information and information systems according to risk level (per FIPS PUB 199 and NIST SP 800-60)
- Selecting the minimum security controls (FIPS 200) and documenting them in the System Security Plan
- Agency risk assessment and security due diligence (FIPS 200, NIST Special Publication 800-53)
- Developing the System Security Plan, a living document and a major component of the system's security certification and accreditation process
- Completing the documentation required before certification and accreditation (NIST SP 800-37)