FISMA & NIST
AssurancePoint offers readiness assessment services (free for new clients), gap remediation guidance, Type 1 attestation assessments (control design as of a point in time), and Type 2 attestation assessments (control design and operating effectiveness over a period of time) for organizations seeking an independent examination and report against a specified NIST framework. Our examinations are conducted in accordance with attestation standards established by the AICPA.


NIST 800-53
The National Institute of Standards and Technology (NIST) develops standards and control guidelines to help government agencies comply with the Federal Information Security Modernization Act (FISMA). Special Publication 800-53 contains a catalog of information security and privacy controls intended for federal information systems and organizations. Beyond its federal origins, NIST 800-53 has also become a popular security control framework that is broadly accepted in the private sector.


NIST CSF
The NIST Cybersecurity Framework (CSF) consists of guidance and standards for organizations to manage and reduce cybersecurity risk. The framework was developed through collaboration between government and industry and largely leverages existing cybersecurity and risk management standards. Compared to 800-53, the CSF is a high-level, risk-based framework, and its higher-level scope is often more easily understood by executives and other non-technical stakeholders. The CSF is also not designed as a regulatory requirement for government agencies and affiliates, which allows greater flexibility in its implementation to suit an organization's needs.


NIST Privacy Framework
The Privacy Framework established by NIST is intended to help organizations identify and manage privacy risks associated with their products or services. The Privacy Framework is modeled after NIST's Cybersecurity Framework (CSF); however, it extends the scope to account for privacy risks arising from data processing that may be unrelated to cybersecurity incidents. An assessment against the Privacy Framework benefits organizations looking to improve an existing data privacy program as well as those looking for flexible guidance to serve as the foundation for a new privacy program.
OUR PROCESS
Our Examination Process
A defined and tested process that streamlines your examination, empowers you with information, and delivers quality.

STEP #1
Readiness Assessment:
- Detailed control mapping
- Identification of gaps
- Actionable recommendations by AssurancePoint
All of the above is detailed in a readiness report delivered by AssurancePoint. Free for new clients.

STEP #2
Remediation & Planning For Initial Assessment:
- Client remediation of identified gaps with AssurancePoint guidance
- Distribution of information request
- Examination kickoff meeting and distribution of project calendar
STEP #3
Examination Fieldwork:
- AssurancePoint examination of evidentiary documentation
- Procedure walkthroughs
- Regular project status communication
- Fieldwork closing meeting
STEP #4
Review Of Draft Report And Issuance Of Final Report:
- Issue draft examination report for client review
- Upon client approval, issue a final examination report
- Project setup for subsequent examination