FISMA Compliance Services

InfusionPoints: Deploy FISMA Compliant Solutions
The Federal Information Security Management Act (FISMA) was key in establishing several security standards and guidelines required by Congressional legislation. From this Act came NIST Publications 800-53, 800-53A, 800-59 and 800-37, as well as FIPS 199 and FIPS 200. The breadth of these standards and guidelines creates a holistic view of security, including personnel and physical security, risk management, incident response and monitoring, to name a few. FISMA also provided specific controls and further required department heads of federal agencies to protect information and systems. InfusionPoints applies an integrated methodology that infuses security and privacy controls into mission solutions to meet the FISMA requirements. InfusionPoints provides a wide range of services to meet any organization's FISMA objectives.

Helping to Design a FISMA Compliant Strategy for Securing Information Systems
The foundation for strong information processing systems is embedding them in a secure environment. InfusionPoints uses seasoned information security subject matter experts to develop a functional and secure FISMA compliant environment for our customers. Our subject matter experts engage with the agency's Information Security Office and system owners to identify key design principles, strategic and security objectives, and critical requirements to develop a comprehensive information security environment.

InfusionPoints FISMA Framework Provides:

  • Risk Management Framework determines the system's categorization, establishes the minimum requirements, and determines whether additional controls are required.
  • System Security Plans identify management, operational, and technical controls for testing of government systems.
  • Processes for planning, implementing, evaluating, and documenting remedial action to address any deficiencies in the information security policies and procedures to secure mission systems.
  • Policies Framework establishes management direction, procedures, and requirements to ensure that appropriate protections for information assets are defined and align with NIST standards.
  • Security training and awareness identifies associated training needs and provides customizable security training solutions designed to transfer information from the subject-matter experts to the people who need it.
  • Continuous Monitoring Framework establishes the metrics and methods to measure the effectiveness of ongoing operational security controls.
  • Incident Management Framework, which comprises a set of procedures and technologies for detecting, reporting, and responding to security incidents, consistent with standards and guidelines.
  • Continuity of Operations Framework which is a set of plans and procedures to ensure continuity of operations for information systems that support the program.

InfusionPoints is a leading provider of FISMA compliant engineering services that architects, designs, develops, integrates, deploys and manages our customers' secure mission solutions. Following InfusionPoints’ FISMA framework provides you with an ongoing integrated process that facilitates FISMA compliance and Certification & Accreditation at a pace and budget you can afford. With InfusionPoints, you gain a trusted partner who will accept ownership for your security objectives and bring executive experience to integrate security into your program, right the first time.

Our Full Lifecycle Services

We leverage our IT frameworks to infuse security into multiple points throughout our client's business solution lifecycle, by providing IT Consulting, Cyber Security and Technology services including:

InfusionPoints, Your Independent Trusted Advisor

We founded InfusionPoints to be our clients' first choice for an independent trusted partner to build secure systems that protect their employees', partners' and customers' data.