The Federal Information Security Modernization Act (FISMA) of 2014 established security guidelines and regulations that federal agencies are required to adhere to. In addition, any private sector organization that outsources any agency’s or department’s business is required to become FISMA compliant. DASATECH’s extensive experience and understanding of FISMA requirements enables us to guide our customers through the FISMA Security Assessment & Authorization (SA&A) process in order to achieve FISMA compliance.
The FISMA Compliance Process
Initially, DASATECH conducts a preliminary security assessment of documentation to determine your company’s level of compliance with FISMA and the NIST Risk Management Framework (RMF). This security assessment provides us with a clear picture of where your gaps are and what the best starting point would be. The RMF has six steps:
- Step 1 – Categorize Information System
- Step 2 – Select Security Controls
- Step 3 – Implement Security Controls
- Step 4 – Assess Security Controls
- Step 5 – Authorize Information System
- Step 6 – Monitor Security Controls
Following the preliminary security assessment, DASATECH begins the FISMA Security Assessment & Authorization (SA&A) process by continuing or completing the RMF cycle to achieve FISMA compliance.
FISMA Deliverables
DASATECH delivers the following documentation upon completion of a FISMA SA&A:
- Security Assessment Plan (SAP) before assessment Kickoff
- Security Assessment Report (SAR)
- Plan of Actions and Milestones (POA&M) with remediation recommendations for non-compliant security controls and vulnerability scan findings
Together, the SAR, the POA&M, and the information system’s System Security Plan (SSP) are reviewed by the Government Agency Authorizing Official (AO) of the information system, and an Authorization to Operate (ATO) is then granted based on the results and completeness of that documentation.
Benefits of FISMA Compliance
Companies that are currently engaged in government business, or that are pursuing work directly with a federal agency to provide services that warrant the award of a federal contract, can benefit greatly from becoming FISMA compliant. DASATECH’s FISMA Security Assessment & Authorization (SA&A) service takes your company through the rigorous FISMA compliance process in order to achieve full compliance with the NIST 800-53 rev.4 security control framework and the RMF. Becoming compliant will not only enhance and improve your company’s security posture, but will also show federal agencies and government entities that your company is ahead of the curve when it comes to compliance, organization, and information security.