FISMA Compliance Assessment

Developing cost-effective strategies to help organizations maintain compliance with the Federal Information Security Management Act.

Developing and maintaining a complete and cost-effective Federal Information Security Management Act (FISMA) compliance program presents unique challenges. At RSM, our approach to FISMA compliance provides a clear correlation with the applicable National Institute of Standards and Technology (NIST), Office of Management and Budget (OMB) and Department of Defense (DoD) standards, regulations, publications and manuals governing FISMA independent evaluations.

We base our security evaluation framework on guidance from the information technology committee of the Federal Audit Executive Council and structure our FISMA compliance assessment around the following areas:

  • Program controls (strategic policies, procedures and plans)
  • System controls (tactical implementation)
  • Management controls
  • Technical controls
  • Operational controls

Our FISMA compliance assessment approach is based on a deep understanding of the federal government’s operating environment and your organization’s system security plans. We’re also well versed in accreditation boundaries and in the implementation of the security controls required by NIST special publications, Federal Information Processing Standards (FIPS) publications and other agency-specific requirements.

Contact RSM to discuss how we can develop a FISMA compliance program that works for you.
