welcome to atibatechnolgy.com
(FISMA) FEDERAL INFORMATION SECURITY MANAGEMENT ACT - Information Security & Compliance

Just as the government now requires public companies to prove they have controls in place to protect information assets within their organization (SOX, GLBA, HIPAA), the Federal Information Security Management Act of 2002 requires information security to be addressed by local and federal agencies, contractors and other organizations that handle federal data.

FISMA consists of a set of directives governing the security responsibilities of federal entities, and it outlines oversight and management roles for the implementation of those directives.

FISMA sets aside a number of specific tasks targeted to particular audiences:

Agencies -- Federal agencies have the largest responsibility under FISMA. They're required to establish an integrated, risk-based information security program that adheres to high-level requirements governing how information security is conducted within their agency. For example, agencies are required to assess the current level of risk associated with their information and information systems, define controls to protect those systems, implement policies and procedures to cost-effectively reduce risk, periodically test and evaluate those controls, train personnel on information security policies and procedures, and manage incidents.

(NIST) National Institute of Standards and Technology -- NIST bears the responsibility for setting centralized standards and guidance to which agencies must adhere. These include the definition and categorization of risk levels and setting minimum standards for safeguarding assets according to risk level.

 

(OMB) Office of Management and Budget -- The OMB bears the responsibility for oversight of FISMA. It defines a standardized reporting methodology whereby compliance status is analyzed alongside the results of independent testing activities conducted by the agency's Inspector General to produce a high-level compliance score. On an annual basis, the OMB then submits a report to Congress consisting of high-level "grades" (A through F) for the agencies.

ATIBA’s FISMA services can assist government agencies in achieving FISMA compliance. Our team of FISMA professionals will assess the types of information you handle and the environment in which that information is contained in order to rate its level of confidentiality, integrity, and availability. They will document the components of your information management systems and perform risk assessments that will help identify the level of potential threats and vulnerabilities. They will help to establish a security plan that contains secure processes and controls that will help to mitigate risk.

ATIBA consulting professionals will help you achieve the FISMA certification you require, be it self-certification or certification by a third-party accrediting official.