NIST Special Publication 800-53, also referred to as the “Cyber Security Framework” provides a catalog of privacy and security controls for federal information systems and organizations. The bulk of our FISMA solution involves a complete and thorough NIST 800-53 controls assessment. This is not only required for FISMA compliance but also is demonstrated as a “best in class” practice regardless of industry.
The Seven Essential Elements
of an Effective CSF/FISMA
1. Develop and maintain an inventory of
major systems and interconnections
2. Categorize information and
information systems according to
level of risk
3. Select security controls for systems
4. Complete a comprehensive risk
5. Develop a system security plan
6. Achieve security certification and
7. Develop continuous monitoring
Top 5 Reasons to Undertake Risk Analysis and Risk Management:
1. Avoid security incidents
and /or breaches.
2. Ensure that high priority risks are
aggressively managed and that all
risks are cost-effectively managed
throughout the project.
3. Become a “best in class” practice.
4. Provide management at all levels with
the information required to make
informed decisions on issues critical to
5. Tremendous educational and
CSF/FISMA Compliance and Risk Management
Who is required to comply with the CSF/FISMA?
All federal, state, and local government agencies, contractors and organizations
that exchange data directly with government systems must be FISMA compliant.
What are the penalties for failing to comply with the CSF/FISMA requirements?
Federal CIOs face the risk of being called to Capitol Hill to testify if their agencies
receive poor scores on FISMA compliance. Also, since FISMA was enacted, lawmakers have threatened to cut agency budgets if they did not improve their FISMA scores.
Since Congress publishes agencies’ FISMA results each year, reputation damage has
been one of the main penalties of noncompliance as well.
Sentryx Solution for CSF/FISMA Compliance and Risk Management
Sentryx provides expert guidance and effective software technology called SPARTAN
to address the entirety of FISMA compliance and risk management. Our solution consistently addresses the seven elements of an effective compliance program. Also included is our NIST 800-53 privacy and security controls assessment. Lastly, our risk assessment process includes an accurate and thorough assessment of the potential
risks and vulnerabilities to the confidentiality, integrity, and availability of federal data
• Spartan provides an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic information, whether it be client or company data.
• Definitions and default text aid in understanding of each topic and provide proper vernacular for attestation.
• Spartan solutions risk access, develop mitigation plans, and write reports.
• Spartan provides operational compliance through a mature, repeatable, complete, accurate and sustainable process and can become your on-going compliance assessment and monitoring tool.
• Spartan SaaS is an Enterprise Class platform providing Information Technology, Governance Risk and Compliance (IT GRC). Modules include HIPAA, FISMA, PCI-DSS, FERPA, NERC-CIP, Business Continuity Planning.
• Modules can be used individually or in combination when unique compliance requirements share common security controls and help us efficiently keep up with hundreds of tasks associated with each regulatory requirement.
• Spartan provides an auditable, password protected, logged documentation tool that meets requirements of internal and external audit standards.
Sentryx Cybersecurity Solutions provides
a methodology and software that is proactive, adaptable, and consistent with industry best standards.
The risk analysis and risk management process includes an accurate and
thorough assessment of the potential
risks and vulnerabilities to the confidentiality, integrity, and availability
of government information.
An Ongoing Effort that
Requires Process Maturity
Peace of Mind
There is a Right Way and
Many Wrong Ways
Checklist and Spreadsheets
Will Not Pass Audit
Copyright 2013 - 2015 Sentryx Cybersecurity Solutions. All rights reserved.