FISMA Assessment and Advisory Services

Meet your FISMA authorization needs

The Federal Information Security Management Act (FISMA) is a federal law designed to increase the security posture of government agency federal systems, bureaus, departments and their supporting entities, such as vendors and their subcontractors.

Vendors and sub-contractors that provide information systems to agencies must prove, through an annual assessment, that they meet FISMA requirements. This process involves working directly with each agency to achieve an Authority to Operate (ATO) and be assessed to controls based on FIPS 199, FIPS 200 and NIST SP 800-53 Revision 4.

How Coalfire Helps

Coalfire’s cost-competitive FISMA assessment and advisory services are designed to help you meet your FISMA authorization needs. The process, based on the control selection for the level of impact system provided, closely follows the NIST Risk Management Framework (RMF). From controls mapping of various environments, to documentation development for a system security plan (SSP), to security testing and POA&M management, Coalfire can do it all.

Our services include:

FISMA Assessment

Assess, test and review your information systems with our in-depth testing and assessment capabilities, including:

  • FIPS 199 categorization, FIPS 200 and agency control selection.
  • Assessment of security controls.
  • Implementation of applicable security controls.
  • Authorization recommendation of system and continuous monitoring.
  • Security Assessment Plan (SAP), Rules of Engagement (ROE), and Security Assessment Report (SAR) development.
  • Penetration testing.
  • Wireless and mobile security assessments.
  • Source code reviews.
  • Application, database, and infrastructure vulnerability scanning and results interpretation.

FISMA Advisory

Build security into your IT deployments with our technology consulting service, which includes:

  • Architecture and system boundary assessments.
  • Architecture optimization and modernization.
  • Configuration management administration and operations.
  • IT security and controls program development.
  • Network design and third-party service provider evaluations.
  • Business practice recommendations.
  • Contingency system planning and additional guidance based on your agency’s requirements.
  • Compliance program pre-assessments.
  • FISMA documentation development, including System Security Plan (SSP), Contingency Plan (CP), Incident Response Plan (IRP), Configuration Management Plan (CMP), Privacy Impact Assessment (PIA), and FIPS 199 Security Categorization, Policies, Procedures, etc.

Why Choose Coalfire for FISMA Authorization Support

Leverage our deep understanding of compliance frameworks to provide superior security practices, testing, and customized implementation models. Coalfire is the leading accredited FedRAMP 3PAO assessing cloud service providers to NIST SP 800-53 Revision 4 as part of their FedRAMP Authorization process. Accreditation was awarded based on demonstrated competence with assessing organizations to NIST SP 800-53 compliance to meet FISMA. Meet stringent compliance standards and ensure that a comprehensive framework exists for security and risk management.

Coalfire has helped organizations achieve FISMA authorization from agencies such as HHS, CMS, NIH, DHS, DOT and more.

Our FISMA compliance services help you:

  • Effectively manage risk by integrating security into current and future architectures.
  • Implement a comprehensive and secure compliance program by developing a strategic roadmap.
  • Maintain high assurance that required policies, documentation, and procedures meet compliance standards.
  • Understand the requirements to prepare or assess your solution for FISMA compliance.

Industry Resources