The Federal Information Security Management Act (FISMA) of 2002
requires federal agencies to bring the level of security of their policies, IT
systems, applications, databases and personnel training to strong 21st-century
standards. FISMA requires compliance with industry best practices,
including those of the National Institute of Standards and Technology (NIST), for risk
management, security control assessments, continuous monitoring and incident
reporting. FISMA improves the confidentiality, integrity, and availability of
federal information assets.
Dogwood understands FISMA requirements and the people, processes,
and technologies required to ensure full compliance. Our FISMA compliance
services identify gaps within the agency's security program and the requirements
of FISMA reporting and provide remediation actions for improving compliance.
Since the act was passed in 2002, we have helped federal organizations
understand FISMA and have provided systems and services to help them achieve
marked improvements, if not full compliance, via audited security scores.
Dogwood's service offerings in FISMA and Regulatory Compliance include:
* Evaluating agency's existing security program and determining gaps with
* Developing quarterly and annual FISMA reports
* Performing Enterprise Risk Assessments
* Developing appropriate enterprise security policies and procedures
* Translating FISMA requirements for operational systems
* Developing and implementing processes for C&A compliance in accordance
with NIST SP 800-37
* Reporting on continuous monitoring activities for proper POA&M
* Reporting on status of FISMA requirements including risk assessments,
POA&M status, security control assessments, and documentation requirements
* Analyzing and recommending enterprise tools for FISMA compliance and
We get results.
In 2004, Dogwood was responsible for the US Agency for International
Development (USAID) being one of the first agencies to receive an "A+" in its
annual information security audit, a result we helped the agency repeat in
2005, 2006, 2007 and 2008.
to develop the business continuity plan for the State of Louisiana's Department
of Public Safety in Baton Rouge one year before Hurricane Katrina.
government clients to achieve measurable, specific results. What can we do