
The Federal Information Security Management Act (FISMA) of 2002 requires federal agencies to improve the security of their IT systems, applications, and databases. In line with industry best practices, including those from the National Institute of Standards and Technology (NIST) for risk management, security control assessments, continuous monitoring, and incident reporting, FISMA aims to improve the confidentiality, integrity, and availability of federal information assets.

KCG has an in-depth understanding of FISMA requirements and of the people, processes, and technologies required to ensure compliance with FISMA. KCG's FISMA compliance services identify gaps between the agency's security program and the requirements of FISMA reporting, and provide remediation actions for improving compliance. KCG assists federal organizations with understanding the complete set of major applications and general support systems included within their FISMA inventory. KCG provides expertise in translating FISMA requirements down to each organization so that it understands its role and status in the agency's overall FISMA grade.

KCG's service offerings in FISMA and Regulatory Compliance include:
  • Evaluating the agency's existing security program and determining gaps in FISMA reporting and compliance
  • Developing quarterly and annual FISMA reports
  • Performing Enterprise Risk Assessments
  • Developing appropriate enterprise security policies and procedures
  • Translating FISMA requirements for operational systems
  • Developing and implementing processes for C&A compliance in accordance with NIST SP 800-37
  • Reporting on continuous monitoring activities for proper POA&M management
  • Reporting on the status of FISMA requirements, including risk assessments, POA&M status, security control assessments, and documentation requirements
  • Analyzing and recommending enterprise tools for FISMA compliance and reporting