FISMA Audit Services

AWA’s cybersecurity solutions include FISMA audits and assessments.


FISMA Audit Services

The Federal Information Security Management Act of 2002 (FISMA) was enacted by the U.S. Congress in 2002 to strengthen data security in government. FISMA requires federal agencies to develop, document, and maintain an agency-wide program that ensures adequate cybersecurity personnel, procedures, and systems, as well as proper security for physical facilities and equipment. These requirements were built to protect the confidentiality, integrity, and availability of agency data and to prevent unauthorized access to, or accidental loss of, information held in data systems.

AWA’s Security Services for FISMA Assessments


AWA provides a comprehensive services portfolio to support FISMA audits and security assessments. Our experts assist federal organizations in maintaining a secure information systems risk management process.

This is accomplished through:

  • Vulnerability testing,
  • Gap analysis of threats to government information assets,
  • Developing plans that address risks,
  • Implementing an effective and measurable security program,
  • Performing managed services for security tracking and reporting,
  • Building and updating inventory of major systems required by FISMA.

For assistance in preparing for your first, or next, FISMA assessment, contact AWA.

FAQs about FISMA Audit Services

Who complies with FISMA?

All government agencies must comply with FISMA, without exception. The Federal Information Security Management Act mandates that all federal agencies guarantee the safety and security of all agency data. Compliance is now also required for government contractors and for any third-party suppliers used to support agency operations. In other words, any organization, including businesses in the private sector, that has a contractual relationship with the government or that stores, handles, or has access to federal information on behalf of an agency is required to comply.

What are the penalties for non-compliance?

FISMA regulations were designed to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. There are severe repercussions if a government agency or third-party vendor fails to comply with FISMA. Any agency or federal contractor that does not adhere to FISMA risks losing government funding and being disqualified from government-funded programs.

What is the process for a FISMA audit?

A FISMA audit uses NIST Special Publication 800-53 as the framework for assessing compliance with FISMA regulations. This type of engagement includes a preparation and scoping phase, onsite testing and interviews, review of documentation, drafting of the audit report, and follow-up with advice for strengthening compliance.

How long does a FISMA audit take?

Generally, we tell clients to plan for a 12-week audit process.

How long is a FISMA audit report valid?

FISMA audit reports are valid for 12 months from the date they are issued.

CISSP - Certified Information Systems Security Professional
CEH - Certified Ethical Hacker
CISM - Certified Information Security Manager

Request a Quote

Contact AWA International to discuss the cybersecurity solutions that would best fit your organization's compliance goals.
