FISMA Compliance Assessment

Developing cost-effective strategies to help organizations maintain compliance with the Federal Information Security Management Act.

Developing and maintaining a complete and cost-effective Federal Information Security Management Act (FISMA) compliance program presents unique challenges. At RSM, our approach to FISMA compliance provides a clear correlation with the applicable National Institute of Standards and Technology (NIST), Office of Management and Budget (OMB) and Department of Defense (DoD) standards, regulations, publications and manuals governing FISMA independent evaluations.

We base our security evaluation framework on guidance from the information technology committee of the Federal Audit Executive Council, and we structure our FISMA compliance assessment around the following areas:

  • Program controls (strategic policies, procedures and plans)
  • System controls (tactical implementation)
  • Management controls
  • Technical controls
  • Operational controls

Our FISMA compliance assessment approach is based on a deep understanding of the federal government’s operating environment and your organization’s system security plans. We’re also well versed in accreditation boundaries and the implementation of applicable security controls required by NIST special publications, Federal Information Processing Standard Publications (FIPS) and other agency-specific requirements.

Contact RSM to discuss how we can develop a FISMA compliance program that works for you.




