Even the smallest companies are being forced to comply with regulations arising from complex Acts of Congress (FISMA, Gramm-Leach-Bliley, the Privacy Act, HIPAA, Sarbanes-Oxley) and from numerous industry-specific compliance programs such as SAS 70, ISO, ITIL, COSO, and CobIT 4. The requirements behind this proliferation of regulations are good business practices, and small to medium-size businesses should be independently auditing their IT solutions. But how do these businesses find qualified, affordable auditing services to offset the legal fees that could be incurred for an instance of non-compliance? As governments pass legislation to regulate large corporations, these same regulations often become a financial burden to smaller companies. A company's due diligence in conducting risk assessments, compliance audits, employee training, and awareness programs will factor into the final determination of an investigation into how your company was protecting its data. An assessment by our experienced consultancy provides you with an independent evaluation to answer those questions.
The Federal Information Security Management Act (FISMA)
The National Institute of Standards and Technology (NIST) created a series of Special Publications (SP) providing guidance to federal agencies for securing IT implementations. This FISMA activity is referred to as "certification and accreditation" or C&A. A key document for a C&A is NIST SP 800-53a, which contains a standardized set of 17 security control families (requirements) related to information systems. In addition, several other documents are useful during a C&A engagement, such as Federal Information Processing Standard (FIPS) 199 for risk categories, NIST SP 800-60 for categorizing information and data systems, NIST SP 800-30 for guidance on risk assessments, and NIST SP 800-34 for guidance on developing IT contingency plans.
8062 High Castle Road, Suite 202 | Ellicott City, Maryland 21043-5166 | TEL: 866.465.6005 | FAX: 410.465.9315