Background
The Federal Information Security Modernization Act (FISMA) requires government agencies to implement an information security program that effectively manages risk. The National Institute of Standards and Technology (NIST) is a non-regulatory agency that has issued specific guidance for complying with FISMA.
Some specific goals include:
- Implementing a risk management program
- Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
- Ensure the integrity, confidentiality and availability of sensitive information
Some FISMA requirements include:
- Maintain an inventory of information systems
- Categorize information and information systems according to risk level
- Maintain a system security plan
- Implement security controls (NIST 800-53)
- Conduct risk assessments
- Certification and accreditation
- Conduct continuous monitoring
Potential Risks
An organization's failure to meet the necessary FISMA requirements or NIST standards may lead to a breach of data, loss of ability to process or handle 3rd party data, loss of business customers or partners or regulatory fines. It's also important to keep in mind the possibility of PR damage to your organization and loss of brand equity.
How We Can Help
Our qualified experts understand the impact federal requirements can have on your data maintenance and security procedures. We will bring procedural expertise to your organization regarding these issues.
Failure to meet federal standards can impact your organization. Don't take chances - let our experts help! CompliancePoint has a variety of services that you can leverage to meet your FISMA compliance and NIST needs.
Our assessors and consultants are experts on the government standard for NIST compliance. Our comprehensive assessments let you identify areas of risk and implement defined security controls to meet NIST standards.