FISMA and FedRAMP Regulatory Assessments
Netspective follows the NIST Risk Management Framework (RMF) and helps organizations meet their FISMA and FedRAMP compliance assessment needs.
Call us on 111-111-1111
How can Netspective help in each step of the process?
Categorize the System
- Evaluation of the entire system configuration
- Categorizing the system under review using the FIPS 199/NIST SP 800-60 Vol. 1 and Vol. 2 specs and the security posture of the system.
- Create system categorization and system component inventory and boundary information.
Select Baseline Security Controls
- Depending upon the organizational needs, a risk assessment will be performed.
- Check for the baseline controls applicable for the selected category.
- Using FIPS 200/NIST SP 800-53, Netspective will select the baseline controls and refine them for the system under assessment.
Implement Security Controls
- Identify the security controls based on the system categorization.
- Use NIST SP 800-70 to help identify the risks to the system.
- Determine the special risks and controls unique to the system.
- Selection of controls from the NIST standards.
- Document findings and generate the system security plan.
Assess Security Controls
- Create a plan to assess the effectiveness of controls.
- Netspective uses NIST SP 800-53A to assess whether the controls are effective, correctly implemented, operating as intended and meeting the security requirements of the system.
- Controls identified as not working properly are documented and tracked in a report.
Authorize Production Use
- Using SP 800-37, Netspective will determine the risk to the organization, assets, individuals and the nation. The risks of noncompliant items are evaluated, and a report is provided so that the organization can decide whether to accept the risk or not.
Continuously monitor system controls and examine risk
- This is typically carried out by the performing organization.
- Netspective can help reassess changes to the system environment and document changes to the system or its environment of operation.
- Netspective can guide organizations in the continuous monitoring of the security controls using the NIST SP 800-53A specs.
Call us today