FISMA / NIST Assessment

At AARC-360 our Compliance services offer a comprehensive review of your adherence to laws and regulations including the HIPAA Security Rule and/or FISMA (NIST 800-53)

AARC-360 can assist organizations that are required to comply with the Federal Information Security Management Act (FISMA) requirements that may require an independent assessment of its security controls in accordance with the National Institute of Standards and Technology (“NIST”) Special Publication 800-53 rev4 (“SP 800-53”).  The assessment is performed by evaluating controls in each of the 17 control families defined in the NIST SP 800-53. Testing is done in accordance with the NIST SP 800-53A “Assessing Security and Privacy Controls in Federal Information Systems and Organizations.”. Testing includes performing interviews, reviewing policies and procedures and assessing the automated controls in place. The controls selected for testing are dependent on the defined control baseline (low, moderate, or high) determined at the beginning of the assessment.

AARC-360 issues a Security Assessment Report which contains details of the testing procedures performed, the tested controls, the implementation status of each control, the gaps identified, and guidance for remediation, corrective action and / or improvement of controls.