The Federal Information Security Management Act of 2002 (FISMA) requires federal agencies to improve the security of their Information Technology (IT) systems, applications, and databases to ensure the confidentiality, integrity, and availability of federal information assets. Agencies must stay current with the National Institute of Standards and Technology (NIST) best practices on key topics (e.g., risk management, security control assessments, continuous monitoring, and incident reporting) which guide agencies’ FISMA implementation, as well as evolving Office of Management and Budget requirements.
KCG has an in-depth understanding of federal regulatory requirements, as well as the people, processes, and technologies required to comply with them. We support agencies in identifying gaps within their cybersecurity programs, assessing compliance with reporting requirements, and developing strategies for ensuring continued regulatory and FISMA compliance. We assist federal agencies in understanding the complete set of major applications and general support systems included within their FISMA inventory. KCG provides organizationally specific expertise in translating FISMA requirements so that each organization understands its role and status in the agency’s overall FISMA grade.
KCG’s service offerings in FISMA and regulatory compliance include:
- Security Program Gap Analysis for FISMA Reporting and Compliance
- Quarterly and Annual FISMA Reports
- Enterprise Risk Assessments
- Security Policy and Procedure Development
- Translating FISMA Requirements for Operational Systems
- Compliance Scorecards and Metrics for Tracking Organization and System-level Compliance
- Processes for Implementing Security Authorizations for Continuous Monitoring based on NIST SP 800-37
- Continuous Monitoring Reporting
- FISMA Requirements Status Reports to Key Stakeholders
- Recommendations for FISMA Analysis, Compliance, and Reporting Solutions