Using NIST 800-53 vs. NIST 800-171 in a FISMA Audit

by Sarah Harvey / June 13, 2023

When any organization engages in a FISMA audit, their information systems are organized according to FIPS 199 and FIPS 200 to determine security categories and impact levels. Then, those systems are tested against a tailored set of baseline security controls. Depending on whether an organization is a federal agency or a private sector entity, different NIST publications of security controls may apply to the FISMA audit. How can you determine…

How to Prepare for a FISMA Audit

by Sarah Harvey / November 20, 2023

FISMA is U.S. legislation enacted as part of the Electronic Government Act of 2002, intended to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction. To comply with FISMA, organizations must demonstrate that they meet the standards set forth by NIST SP 800 series. Unique to a FISMA audit, organizations can tailor the relevant security control baseline so that it more closely aligns with their…

FISMA vs. FedRAMP

by Sarah Harvey / June 13, 2023

FISMA and FedRAMP audits are often confused because both involve compliance around government data. But when you dive into the details of each audit, you’ll recognize the differences are stark. Let’s talk through each of these compliance audits and how you can tell them apart from one another. What is FISMA? The Federal Information Security Modernization Act, or FISMA, is U.S. legislation that requires government agencies to meet a standard…

Considering an Audit Readiness Tool? 4 Questions to Ask

by Sarah Harvey / January 10, 2024

Using KirkpatrickPrice for Audit Readiness

We've seen more and more automated solutions and tools enter the market that promise easy and cheap compliance, no commitment, and expert guidance. Don't be fooled, though! These audit prep solutions and tools are actually only promising one thing: readiness. Unlike firms with automated solutions and tools that focus solely on audit readiness, KirkpatrickPrice provides a comprehensive audit experience. They cannot provide what you actually…

Cheat Sheet for Office 365 Forwarding Rules

by Sarah Harvey / November 20, 2023

Protecting Your Office 365 Accounts

A key part of your organization's information security strategy is correct configuration of Office 365, because compromising your Office 365 accounts is a gateway to much more sophisticated attacks. Many industry breach reports speculate that hacking Office 365 email accounts is the first thing an attacker wants to do, because it has the potential to give them access to so much more information. Phishing is…