FISMA

Over the years, VITECH has helped a wide variety of businesses, companies, and organizations meet FISMA compliance standards. We have helped organizations of all sizes, from small DoD contractors to large defense contractors such as Lockheed Martin, and have supported the U.S. Army and U.S. Air Force directly.

VITECH has multiple packages to help each organization according to its needs. These include:

  • Compliance Guidance under FIPS 200
  • Base Compliance Package
    • Employee Data Security Training
    • Security Risk Assessment using NIST 800-53 controls
    • Gap Identification
  • Base Compliance Package + Remediation Guidance
  • FISMA Compliance Audit + Certification
    • Necessary to Ensure an Organization’s Internal Controls & Compliance with FISMA Regulations

Government-affiliated organizations are at even greater risk of attack, as they are prime targets for both domestic and foreign agents. Considering that government affiliates handle both classified government information and reams of personal and financial information on citizens, protecting data is a high priority for these organizations. With the number of security threats on the rise, the U.S. government has taken action with several security regulations with which its agencies and affiliates must comply. One of these is FISMA.


FISMA regulations apply to all agencies of the United States federal government. Since its enactment in 2002, however, the agencies and organizations to which FISMA applies have been expanded to include the following groups:

Federal Agencies: Federal agencies were the original target of the FISMA bill, as the original act was meant to bolster the government’s efforts toward electronic security. As such, all federal agencies are required to meet FISMA compliance by default.

State Agencies: Since the bill passed in 2002, FISMA has expanded to include state agencies involved in federal programs. Since these agencies handle sensitive federal data, they are as responsible for its security and upkeep as federal agencies. Agencies covered by this expansion include those that manage federal programs like unemployment insurance, student loans, Medicare and Medicaid, among others.

Private Sector Contractors: FISMA further expands its reach into the private sector, since many agencies contract jobs to private companies. Because these contractors handle highly sensitive federal data, it follows that such organizations should comply with FISMA regulations like any federal agency. Today, any private sector company with a contractual relationship with a federal agency must follow FISMA regulations as closely as state and federal agencies. These include government contractors that provide services or support for, or receive grant money from, these agencies.

The Federal Information Security Management Act, commonly referred to as FISMA, is a United States federal law. The law was passed in December 2002 as Title III of the larger E-Government Act, or Public Law 107-347. FISMA makes it a requirement for all federal agencies and their contractors to bolster their information security programs through various means. This was part of a larger effort on the part of the United States government to improve its management of electronic services and processes.
