FISMA Compliance

FISMA Compliance Services

HPS helps both government and non-government organizations achieve their Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) objectives. We leverage our deep understanding of the NIST Special Publications security guidance to assist your organization’s FISMA and NIST compliance needs.

Our team has helped a variety of organizations successfully navigate the complex challenges of NIST-focused assessments. Several of the organizations that we have helped to date include: SPAWAR, National Science Foundation, Department of Health and Human Services, Department of Transportation, and The Department of Homeland Security.

We go beyond basic security control assessments and offer other capabilities that help with the maintenance and remediation efforts that follow findings discovered during an assessment. Some of these capabilities include:

  • Security Analysis
  • Security Architecture and Design
  • Application Security Code Reviews
  • Penetration Testing
  • Contingency and Business Continuity Planning (CBCP)
  • Plan of Action and Milestone (POA&M) Development
  • Policy and Procedure Development
  • Security Awareness Training
  • Incident Response Plan (IRP)

Our comprehensive list of capabilities and services makes HPS your ideal partner for FISMA and NIST assessments. We help your organization reach a more appropriate security posture by addressing the deficiencies identified in the assessments.

FISMA Assessment Services

FISMA requires federal agencies, departments, and contractors to adequately safeguard information systems and assets. This includes implementing and maintaining an agency-wide program that provides information security capabilities for the information and information systems that support the agency’s operations.

To help address FISMA requirements, NIST has established a variety of publications that provide a recommended approach for safeguarding information systems. The publications routinely used when addressing FISMA requirements include, but are not limited to:

FIPS 199

Provides a standard for categorizing federal information and information systems according to an agency’s level of concern for confidentiality, integrity, and availability.

FIPS 200

Specifies the minimum security requirements for federal information and information systems and introduces a risk-based process for selecting the security controls needed to meet those minimum requirements.

NIST SP 800-53 Revision 5

Provides a catalog of security controls for all U.S. federal information systems and helps facilitate gap assessments.

NIST SP 800-30 Revision 1

Provides guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in SP 800-39.

NIST SP 800-37 Revision 1

Provides guidelines for applying the Risk Management Framework to federal information systems.

NIST SP 800-39

Provides guidance for integrating an organization-wide program for managing information security risk to organizational operations.

Why Choose HPS for FISMA Assessments?

If you are struggling to understand the requirements specified by FISMA, HPS can help. We help you prepare for and assess your immediate requirements against NIST guidance. We also help you address the principal requirements associated with FISMA compliance, such as:

  • Creating system documentation
  • Categorizing information systems
  • Selecting appropriate security controls
  • Conducting risk assessments
  • Assessment and Authorization (A&A) activities
  • Continuous monitoring activities
  • Risk Management Framework (RMF)