Information Security Compliance and Assurance
In today’s technologically-savvy world, all federal and non-federal agencies must meet the minimum security requirements to reduce the impact and likelihood of a cyber-attack on their systems. In federal systems, NIST SP 800-53 (Recommended Security Controls for Federal Information Systems) represents the current state-of-the-practice safeguards and countermeasures for information systems and is used to establish a level of due diligence in protecting the organization’s information systems. NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations) is for non-federal systems.
Cloud solutions allow for faster processing and more elasticity in computing in an on demand, more efficient platform. The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both time and staff required to conduct redundant agency security assessments.
FISMA assigns responsibilities to various agencies to ensure the security of data in the federal government. The act requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner.
At WTS, we maintain highly-skilled consultant that are trained on legacy DIACAP ATO processes and newer RMF ATO accreditation.