Federal Information Security Management Act (FISMA) of 2002.

“The President has given a high priority to the security of the Federal Government’s operations and assets.  Protecting the information and information systems on which the Federal Government depends, requires agencies to identify and resolve current security weaknesses and risks, as well as protect against future vulnerabilities and threats. The key method for fulfilling these requirements was the Government Information Security Act of 2000.  In 2002, FISMA superceeds  GISRA.

FISMA establishes requirements that must be accomplished by all Federal Government Agencies.  Four of those key requirements are outlined below.   Completing the tasks to support FISMA requires the dedication of highly experienced IA professionals that possess an in-depth understanding of all elements of an effective and efficient security Program.

TCAssociates integrates expertise in Information Assurance with our customers with a team that has extensive experience in security program development, assessment and deficiency remediation.  Our team includes members that have managed government security programs as Federal employees with specific experience in developing the products required for GISRA (now FISMA).  We have additional capabilities to support other relevant areas such as a comprehensive Risk Assessment and Standards Management Solution (ECM).

Develop an Agency-Wide Information Systems Security Program (ISP)

  • Periodic Assessment of Risks
  • Plans for Information Systems Security for Networks, Facilities, and Systems.
  • Security Awareness Training
  • Periodic Testing and Evaluation of ISP
  • Deficiency Remediation
  • Incident Detection, Response and Reporting
  • Disaster Recovery
  • Continuity of Operations

Annual Independent Evaluation

  • Test the Effectiveness of: Policies, Procedures and Practices on a representative subset of Information Systems

Annual Report to Congress

  • Adequacy, Effectiveness and Compliance of Information
  • Systems Security Policies and Practices
  • Adequacy, and Effectiveness in Plans and Reports relating to Budgets, Financial Systems, and Internal Accounting and
  • Administrative Controls
  • Deficiencies