FISMA Compliance

Schedule Consult

443-459-1589

Home
Solutions
- - - CKSS is a leading Woman Owned Small Business providing innovative solutions in areas of Compliance, IT Audits, Managed Security Services, Cyber Security consulting.
      
      Read More
  - - By Challenge
      - Cloud
  - - By Industry
  - - By Mandate
Services
- Security Risk and Compliance Services
- Cloud
  - - - Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the Internet with pay-as-you-go pricing. Cloud has enabled organizations to be more competitive, faster and innovative. Cloud will continue to be a source for innovation and growth for the next few years to come.
        
        Learn More
- Managed Security Services
  - - - CKSS Managed Security Services solutions combine industry leading tools, expertise, and industry-leading capabilities to help secure your information assets often at a fraction of the cost of in-house security resources. Our team of Security Personnel have extensive experience in helping organizations rapidly scale security and compliance operations.
        
        Learn More
- DevSecOps
  - - - DevSecOps integrates security into the DevOps pipeline with an aim to unite application development, IT operations, and security teams under a common DevSecOps umbrella. DevSecOps builds on the idea that cross-functional teams must work together and that everyone is responsible for security.
        
        Learn More
Testimonials
Resources
Company

FISMA Compliance
Continuous Monitoring
OMB A-123 Assessments

Overview
Per FISMA regulations, each organization will develop an agency-wide information security program which includes the following areas of concern:

Create a security program for managing information risk
Create an incident response and reporting program
Document policies and procedures
Select security controls for systems
Create a continuity-of-operations plan
Create a security training program
Create a remediation program
Conduct continuous monitoring
Solution
FISMA Program Support

CKSS Compliance Services are geared to provide FISMA Program Support to your Computer Information Security Officer (CISO), Senior Agency Information Security Officer (SAISO), Information System Security Officer (ISSO), Information System Security Manager (ISSM) Program and Policy Support: CKSS works closely to develop, update and/or maintain information security program and policies, standards, and procedures.

CKSS ensures that the federal organization has a plan in place to address known regulatory requirements as well as understands what new requirements are being developed by entities such as NIST and OMB.

Security Assessment and Authorization (SA&A)

CKSS assists clients in conducting C&A of applications and general support systems. CKSS follows NIST SP 800-37, NIST SP-800-53, FISMA, and agency-specific SA&A process guidelines. As part of conducting a SA&A for federal clients, we conduct on-site data collection activities, offer scan services, and run applications looking for known vulnerabilities; conduct security assessment activities and develop the following deliverables: SA&A Plan; System Security Plan (SSP); Risk Assessment; Security Assessment Test Plan; Security Assessment Test Report; IT Contingency Plan; Privacy Impact Assessment (PIA); Transmittal Letter; and Accreditation Decision Letter.

CKSS also provides assistance in developing and delivering security awareness & training support to our clients.
CKSS Continuous Monitoring solution enables you to sustain security posture through continuous monitoring as specified by NIST 800-37, NIST 800-137 and other pertinent standards and guidance.

Once a year, we develop and conduct:
- Incident Response Plans, ST&E tests of key controls
- Contingency Plan and Test Report assessments
- Separation of Duties Matrix
- Penetration Testing
Quarterly and on a regularly scheduled basis we offer:
- Security event and log management to enable more efficient event and log management
- Compliance Monitoring and Reporting for established Configuration Baselines
- Ongoing POA&M Remediation and Updates
- Vulnerability and Application Scans of All Systems within the System Boundary
Overview
The Office of Management and Budget (OMB) Circular A-123, Management’s Responsibility for Internal Control, defines management’s responsibility for internal control in federal agencies. Circular A-123 and the statute it implements, the Federal Managers’ Financial Integrity Act of 1982 (FMFIA), are the center of the existing federal requirements to improve internal control. The Circular also establishes requirements for conducting management’s annual assessment of the effectiveness of internal control over financial reporting (required by Appendix A of the Circular). The requirements specifically state that agencies are to include information system controls in their assessment.

OMB A-123 Assessment consists of evaluating key controls for each system and application significant to financial reporting to determine if they are operating effectively. Specifically, this includes evaluating:

General controls at the General Support level

General controls as they are applied to the system being examined

Application controls

Documented policies, procedures, and evidence of controls implementation

The assessment, to include documenting assessment results and uploading evidence in a tool of your choice.
Solution
CKSS helps government agencies ensure compliance with OMB A-123 requirements by:

Developing and finalizing the scope for the assessment, for example, ensuring that appropriate individuals are available to perform and review required control tests; and defining the roles, responsibilities structure to support OMB Circular A-123 compliance

Testing the effectiveness of controls by reviewing documented policies, procedures, and evidence of controls implementation.

Documenting the assessment, to include documenting assessment results and uploading evidence in a designated tool to ensure results are verifiable.

Resources

Download Verizon Data Breach Report

Have a Security Consultant Contact You

FISMA Compliance

FISMA Compliance

Continuous Monitoring

OMB A-123 Assessments

Resources

Have a Security Consultant Contact You

Cart