IT Security Compliance

Risk Assessment Services & FISMA Compliance

Net2Net Solutions offers a neutral approach to securing your enterprise network. Through the integration of your existing IT capabilities and business policies and requirements, we are able to help deliver a strategy and action plan that clearly maps the way to securing and protecting your infrastructure.

FISMA Compliance

The Federal Information Security Management Act, or FISMA, imposes a mandatory set of processes that must be followed for all information systems used or operated by a US Government agency.

While Federal security managers, systems owners, and CIOs may have different opinions about the impact of FISMA, they all agree on one point:

FISMA has created a substantial workload of expanding certification requirements and documentation demands.

In 2006, NIST released Special Publication 800-53A, "Guide for Assessing Security Controls in Federal Information Systems," intended to standardize security assessment practices for an established baseline set of security controls. However, as many security managers and systems owners have discovered, the new baseline encompasses 17 families of security controls, and the new requirements now call for the implementation, testing, and documentation of over 160 mandatory security measures. And this is the minimum standard for a low impact system. Additional security controls and corresponding documentation are required for medium and high impact systems.

The bar has been raised for FISMA compliance, and many systems owners and security managers are waking up to the fact that their C&A packages that are up for renewal this year do not come close to meeting the requirements of the new "guidelines." For almost all Federal system owners, this means a major overhaul of their security plans, risk assessments, and C&A documentation packages.

>> Services and Solutions