GOVERNMENT

PRAGMATIC

We work creatively with you to develop a sound way to meet FISMA or DFARS requirements in a manner that respects financial and technical requirements.

EXPERIENCED

With 22 years of experience, Anitian brings a practical approach to compliance. We look beyond the checkbox at the operational realities to build true security.

EFFECTIVE

We know how to make government compliance work. We build programs that actually protect your data, and your job, while working with difficult frameworks.

GOVERNMENT SERVICES DETAILS

OVERVIEW
The US Federal Information Security Management Act (FISMA) is a requirement for any federal entity, as well as vendors and sub-contractors of the federal government. Anitian can ensure that your organization meets all the requirements of FIPS 199, FIPS 200 and NIST SP 800-53 Revision 4. Furthermore, Anitian offers comprehensive support for compliance with the DFARS, or NIST 800-171, requirements.
FISMA GAP ASSESSMENT
A FISMA gap assessment assesses your current state against the National Institute of Standards and Technology Special Publication 800-53 revision 4 (NIST 800-53 standard) for compliance with the Federal Information Security Management Act of 2002. This high-level review identifies gaps in your compliance and establishes a clear action plan to remedy those gaps.
Your FISMA Gap Assessment includes:

  • Establishment of the scope of compliance
  • FIPS 199 categorization, FIPS 200 and agency control selection
  • Facilitated interviews with relevant project stakeholders
  • Review of relevant documentation
  • Identification of compliance gaps and determination of remediation efforts
  • Performance of appropriate technical testing (penetration testing, code reviews, etc.)
  • Development of a gap assessment report, including a description of our findings and an Action Plan that provides you with a roadmap to FISMA compliance

Anitian can also work alongside your team to implement required controls and complete a Security Assessment Plan (SAP) and other required documents.

DFARS GAP ASSESSMENT

While FISMA applies to vendors and subcontractors of the government, defense contractors and subcontractors must also contend with DFARS, or the Defense Federal Acquisition Regulation Supplement. DFARS mandates 109 different controls from the NIST SP 800-171 document. Compliance deadline for affected vendors and subs is December 31, 2017. Anitian’s DFARS Gap Assessment puts you on the path to meeting these requirements.

A DFARS Gap Assessment includes:

  • Establishment of the scope of compliance
  • Facilitated interviews with relevant project stakeholders
  • Review of relevant documentation
  • Assessment of controls
  • Identification of gaps and determination of remediation efforts
  • Development of a gap assessment report, including a description of our findings and an Action Plan that provides you with a roadmap to DFARS compliance

Anitian can also work alongside your team to implement required controls to meet requirements.

ADVISORY SERVICES
For organizations looking for expert consultation, Anitian offers flexible, open-ended arrangements to provide guidance, feedback, and insight into the NIST compliance process. Anitian’s consultants all deliver pragmatic, practical advice tailored to the unique needs of your business.
While consultation services can cover any topic, some of the common forms of assistance Anitian provides include:

  • Guidance on requirements
  • Assistance with limiting the scope of compliance
  • Technology recommendations and guidance
  • Review and feedback on policies, practices, or configurations
  • Assistance with compensating controls
  • Application design consulting
  • Assistance with implementing required controls
  • Clarification of the expectation or intent of requirements

READINESS ASSESSMENT
Once your FISMA or DFARS compliance program is in place, Anitian can provide a final readiness assessment. This assessment digs deeper than a gap assessment, to assess not only the existence of controls, but also their effectiveness.
A FISMA/DFARS Readiness Assessment includes:

  • Verification of the scope of compliance
  • FIPS 199 categorization, FIPS 200 and agency control selection
  • Facilitated interviews with relevant project stakeholders
  • Review of relevant documentation
  • Identification of compliance gaps and determination of remediation efforts
  • Performance of appropriate technical testing (penetration testing, code reviews, etc.)
  • Development of a readiness assessment report, including a description of outstanding areas of noncompliance and an Action Plan that provides you with a roadmap to remediating these gaps

Anitian can also work alongside your team to implement required controls and complete a Security Assessment Plan (SAP) and other required documents.

REMEDIATION SERVICES
One of the benefits of working with Anitian is that, in addition to being able to conduct compliance assessments, we also have a complete staff of technology integrators. This gives us a real “nuts & bolts” view of FISMA and DFARS compliance. We know exactly how to implement necessary controls, technologies, and practices to meet FISMA/DFARS requirements.
Our remediation services include implementation, optimization, and testing of the following:

  • Firewalls / UTM / NGFW
  • File integrity monitoring
  • SIEM / Log Management
  • Antivirus / Endpoint security
  • Encryption
  • Vulnerability management
  • Configuration management
  • Incident response
  • IDS / IPS
  • Security awareness
  • Software development life-cycle (SDLC)
  • System auditing & access control

Learning Resources

  • Presentation: Security as Code
  • Paper: Communicating Risk to Leadership
  • eBook: The Case for Security in the Cloud