The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks.

However, at its core, FISMA dictates some of the basic and most fundamental cybersecurity practices that governed organizations must adhere to. Learn more about what it means to meet FISMA compliance. 

Read More

In our continuing series on penetration testing, we have discussed different approaches to pen testing the benefits of conducting such tests. Here, we will continue by addressing penetration testing as a practice inside one of the most important security frameworks for federal agencies and contractors: NIST 800-53.

While the core documentation of NIST 900-53 contains hundreds of security controls, one dedicated section speaks to the value and best practices of penetration testing. Here, we’ll discuss how penetration testing plays a role in NIST 800-compliance and how you can incorporate it into your compliance strategy. 

Read More

Working with federal agencies can be a big boon for enterprise and SMB service providers. Not only are they working in a lucrative and challenging space, but they can also provide critical infrastructural support to the operation and defense of our country. The regulations, however, can prove a nightmare. For example, should you adhere to FISMA vs. FedRAMP? What is NIST? Who can I work with to help me get started? 

Here, we’ll answer one of the more basic and important questions: What is the difference between FedRAMP and FISMA authorization? Depending on the type of services you offer, you could be working through a set of similar, yet slightly modified, regulatory obligations. 

Read More