FISMA and FedRAMP Regulatory Assessments and Government IT Compliance Management Service

Medical Technology, Healthcare & Government IT

FISMA and FedRAMP Regulatory Assessments

Netspective follows the NIST Risk Management Framework (RMF) and helps organizations meet their FISMA and FedRAMP compliance assessment needs.

Call Us on 111-111-1111

 

How can Netspective help in each step of the process?

1. Categorize the System

  • Evaluation of the entire system configuration
  • Categorizing the system under review using the FIPS 199/NIST SP 800-60 Vol. 1 and Vol. 2 specs and the security posture of the system.
  • Create system categorization and system component inventory and boundary information.

2. Select Baseline Security Controls

  • Depending upon the organizational needs, a risk assessment will be performed.
  • Check for the baseline controls applicable for the selected category.
  • Using FIPS 200/NIST SP 800-53, Netspective will select the baseline controls and refine them for the system under assessment.

3. Implement Security Controls

  • Identify the security controls based on the system categorization.
  • Use NIST SP 800-70 to help identify the risks to the system.
  • Determine the special risks and controls unique to the system.
  • Selection of controls from the NIST standards.
  • Document findings and generate the system security plan.

4. Assess Security Controls

  • Create a plan to assess the effectiveness of controls.
  • Netspective uses NIST SP 800-53A to assess whether the controls are effective, correctly implemented, operating as intended and meeting the security requirements of the system.
  • Controls found not to work properly are documented and tracked in a report.

5. Authorize Production Use

  • Using SP 800-37, Netspective will determine the risk to the organization, assets, individuals and the nation. The risks of noncompliant items are evaluated, and a report is provided from which the organization can decide whether to accept the risk.

6. Continuously Monitor System Controls and Examine Risk

  • This is typically carried out by the performing organization.
  • Netspective can help reassess changes to the system environment and document changes to the system or its environment of operation.
  • Netspective can guide organizations in the continuous monitoring of the security controls using the NIST SP 800-53A specs.
