
Federal Information Security Management Act (FISMA)

IceTech provides:
Security Program Support:
Core services include support to application business unit owners in the following areas:
Overall compliance with Federal Information Security Management Act (FISMA) requirements at Federal and State Agency level;
Documentation development required for security Certification and Accreditation (C&A), integrated into System Life Cycle artifact milestone exit requirements, to include:

  • FIPS data risk categorization;
  • Privacy Impact Analysis;
  • Risk Assessment;
  • System Security Plan (SSP);
  • Information Technology Contingency Plan (ITCP);
  • Review of OMB required E-300s and other budget documents related to security costing accuracy.

Where the above documentation exists, performing independent management evaluation prior to IG reviews. Prep and onsite support for IRS state agency reviews of IRC 6103 data.

Support for development or execution of FISMA Continuous Monitoring requirement (formerly known as NIST 800-26/53 Self Assessments).

Service delivery options:
1. Dedicated staff assigned on a full-time basis to support on-going activity.

  • Staff becomes familiar with business unit activity allowing for more efficient development of deliverables.
  • Allows for more definitive development of agency budget needs to support task delivery.
  • Immediate availability allows for direct on-going support to government business unit managers and employees assigned responsibility for these tasks.
  • Allows for performance of ad hoc tasks, as required by agency/bureau security program offices, as well as any required support for meetings related to internal guidance on core services related to IceTech tasks.

2. Stand-alone task by task delivery development

  • Allows for flexibility when budgets will not support the dedicated staff option;
  • Provides the capability to select only specific IceTech core services.
  • The implementation of cost-effective, risk-based information security programs;
  • The establishment of a level of security due diligence for federal agencies and contractors supporting the federal government;
  • More consistent and cost-effective application of security controls across the federal information technology infrastructure;
  • More consistent, comparable, and repeatable security control assessments;
  • A better understanding of enterprise-wide mission risks resulting from the operation of information systems;
  • More complete, reliable, and trustworthy information for authorizing officials, facilitating more informed security accreditation decisions; and
  • More secure information systems within the federal government including the critical infrastructure of the United States.