A large government finance organization was cited as non-compliant with its 2016 annual Federal Information Security Modernization Act (FISMA) continuous monitoring program. In November 2016, it was 12 months behind schedule with both the documentation of control implementations and the assessment of the controls required by its FISMA program.
• Internal Controls
• Risk Assessment & Management
• Business Process Optimization
We developed, implemented, and delivered a plan that allowed the organization to catch up on its 2016 compliance and to stay on course to achieve FISMA compliance for 2017 by the end of the fiscal year. As part of the plan, we implemented an MS Access database to track how each NIST SP 800-53, Rev. 4 control was implemented, assessed, and approved. Because many controls are common across information technology systems, the database allowed us to track the shared controls and assess them consistently according to the NIST guidance.