What is a FISMA audit?
A FISMA audit uses NIST Special Publication 800-53 as the framework for testing compliance with FISMA, a law enacted in 2002 to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems.
How much does a FISMA audit cost?
Pricing for a FISMA audit depends on scoping factors, including business applications, technology platforms, physical locations, third parties, and audit frequency. Pricing will also vary based on the inclusion of a gap analysis, or inclusion of additional remediation time.
How long does a FISMA audit take to complete?
The average FISMA audit, using KirkpatrickPrice’s process, is completed in 12 weeks. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, report writing, and concludes with the delivery of a report.
What do I receive when my FISMA audit is complete?
A FISMA audit culminates in a report, written by our in-house Professional Writing team. The report will provide stakeholders with independent third-party verification regarding the fairness and suitability of controls relative to information security and practices.
How long is a FISMA report valid?
The opinion stated in a FISMA report is valid for twelve months following the date the report was issued.
Who is involved in a FISMA audit?
Team members involved in a FISMA audit could come from anywhere in your organization, ranging from human resources to IT to compliance officers – anyone with the appropriate responsibilities for and knowledge of the matters concerned in the audit.
What are the 3 FISMA compliance levels?
NIST defines the three FISMA compliance levels as low impact, moderate impact, and high impact.