The Federal Information Security Management Act of 2002 (FISMA)
is a United States federal law enacted in 2002. FISMA recognizes
the importance of information security to the economic and national
security interests of the United States.
FISMA assigns specific responsibilities to the
National Institute of Standards and Technology (NIST) and the Office
of Management and Budget (OMB) with the intention of strengthening
information system security.
FISMA requires the head of each agency to implement policies
and procedures that will, in a cost-effective manner, reduce
information technology security risks to a level deemed acceptable.
Any organization that uses or operates an
information system on behalf of a federal agency must comply with
FISMA regulations. Simply put, FISMA applies not only to federal
agencies but also to any company that does business with government
agencies.
Under FISMA, federal agencies and companies that do
business with government agencies are reviewed for compliance, and each
is given scores in several areas and an overall grade for its
ability to secure information and systems, to identify and
resolve current IT weaknesses and risks, and to protect against
future vulnerabilities and threats. FISMA requires that federal
agencies understand their security issues and close the gaps. To date,
federal agencies are finding compliance with FISMA to be a challenge.
Loricca can help your agency or company with the
challenges of FISMA compliance.
Loricca will work hand in hand with appointed personnel to
perform an assessment, which is the first step in closing security gaps
and ensuring FISMA compliance. After all, you can't fix it if you don't
know about it. Security threats and continuous change have
many federal agencies concerned about whether their systems are up to the
challenge. To help you evaluate the information security in
your environment, Loricca offers a full range of assessment services
- the first step in your FISMA awareness.
We will examine your agency's efforts in order to
benchmark your current level of protection against both internal and
external threats. We review your policies, procedures, processes
and FISMA/NIST compliance issues on all levels.
Following the policy compliance and
procedure/process review, Loricca will evaluate your technical
infrastructure, including a review of security, system, and networking
hardware and software. Taking the information from the policy
and compliance review and combining it with the results of the
infrastructure review, Loricca will generate a gap analysis showing
which of your security and compliance efforts are within scope to
support FISMA compliance, and which should be addressed to bring
you into full compliance.
In short, this assessment is designed to give you
the knowledge needed to determine the biggest threats you face, how
your infrastructure is designed to handle them, and what it will take
for your agency or company to become and stay FISMA compliant.
During the assessment, Loricca will evaluate:
Document your plan for Security
Ensure and document that appropriate officials are assigned security responsibility
IT security controls
Loricca understands that each federal agency, and each
company that works within federal agencies, has a goal of becoming
totally FISMA compliant. Additionally, we subscribe to the FISMA security
objectives of Integrity, Confidentiality and Availability:
Integrity - "guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity";
Confidentiality - "preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information"; and
Availability - "ensuring timely and reliable access to and use of information".
Contact us today ~ 813-600-3005