FISMA Compliance

Soft-Con provides FISMA compliance services to clients seeking both application and internal policy adherence to Federal IT security mandates. Our approach to information system security requirements is to ensure that your security policies, procedures and practices conform to the internal guidance set forth in the organization's governing security publications and to Federal security publications such as NIST SP 800-34, "Contingency Planning Guide for Information Technology Systems"; SP 800-37, "Guide for Security Certification and Accreditation of Federal Information Systems"; SP 800-39, "Managing Risk from Information Systems"; SP 800-50, "Building an Information Technology Security Awareness Training Program"; SP 800-53, "Recommended Security Controls for Federal Information Systems"; SP 800-61, "Computer Security Incident Handling Guide"; and SP 800-100, "Information Security Handbook: A Guide for Managers".

Soft-Con's Security Certified personnel have been instrumental in providing guidance for our clients by leading gap analysis and compliance reviews through the execution of tabletop walkthrough contingency plan exercises. As a result, our clients have gained invaluable training and familiarization in the notification and recovery procedures of their organization's contingency plan. Our services have also added another layer of clarity and validation to the roles and responsibilities and the processes and procedures in the contingency plan, and have verified whether the timeframes for recovery in the plan were realistic.

Our CISMs assist you in defining core business functions, guidelines and underlying processes, and monitoring and support models for security compliance for the organization's General Support Service (GSS). These efforts are integral to validating key operational controls required by NIST Special Publication 800-53.