The Federal Information Security Management Act (FISMA) was designed to improve the security posture of government agency information systems. While FISMA outlines valuable controls for protecting information systems, compliance with the law is complex and time-consuming.
With extensive experience securing the networks and data of government agencies, Kratos’ FISMA experts instill confidence by bringing a holistic understanding of the risks agencies face. Kratos offers Assessment & Authorization (A&A) services, asset classification, risk assessments, and ongoing security authorization to obtain an Authorization to Operate (ATO) or maintain an Agency ATO.
Kratos’ assessment identifies areas where an organization does not comply with the FISMA/NIST controls and documentation standards, and Kratos outlines areas requiring remediation. The goal is to submit a compliant FISMA Security Authorization Package that gains an ATO. Kratos’ processes, tools, and methodologies are based on the core components identified by FISMA and established by NIST.
FISMA services include:
- Developing a System Security Plan (SSP) - help an organization’s team develop and maintain the documents that describe its internal controls
- Providing a FISMA risk assessment - deliver an independent assessment of an organization’s control environment
- Delivering penetration testing and vulnerability assessments - identify and prioritize weaknesses through physical, logical, and social testing techniques
- Providing certification to support security accreditation - give agency officials the evidence and confidence they need to sign off on a system’s accreditation
Benefits of FISMA Compliance
- Reduce the cost, confusion, and complexity of FISMA compliance
- Identify non-compliant areas and gain an understanding of what actions are needed for compliance
- Remediate issues before the Certifying Authority (CA) becomes involved