How to Prepare for a FISMA Audit

by Sarah Harvey / October 22nd, 2020

FISMA is U.S. legislation enacted as part of the Electronic Government Act of 2002, intended to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction.

To comply with FISMA, organizations must demonstrate that they meet the standards set forth in the NIST SP 800 series. Unique to a FISMA audit, organizations can tailor the relevant security control baseline so that it more closely aligns with their mission, their business requirements, and their environments of operation. This type of compliance helps organizations obtain an Authorization to Operate (ATO), attract more government contracts, provide interested parties with evidence of their FISMA compliance, confirm that they appropriately protect government information and assets, and demonstrate a commitment to confidentiality, integrity, and availability.

Checklist to Prepare for a FISMA Audit

A FISMA audit, like all other information security audits, is an initiative that requires organization, commitment, and investment from your team. In order to be successful and reap the benefits of compliance, preparation is crucial. So, how can you prepare for this type of audit?

Start with this checklist of control families before entering into a gap analysis or audit.

  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Contingency Planning
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical and Environmental Protection
  • Personnel Security
  • Risk Assessment
  • System and Services Acquisition
  • System and Communications Protection
  • System and Information Integrity

Interested in pursuing a FISMA audit? KirkpatrickPrice is committed to helping your organization protect government information and assets and tackle this compliance goal.

We offer gap analyses and remediation plans, along with audits based on the NIST SP 800 series. We can help you determine which standard applies to you: NIST SP 800-53 or NIST SP 800-171. When you partner with KirkpatrickPrice, you work with information security auditors who are senior-level experts holding certifications such as CISSP, CISA, CISM, and CRISC. Let’s plan your FISMA audit today.