Software Security Requirements & Support
Have you prepared your products for government compliance?
FISMA Compliance Support
The FISMA Situation
The Federal Information Security Management Act (FISMA) is a law compelling every Federal Agency to implement and document its policy for handling its Information Security and Information Systems. Agencies must report the compliance of their systems against program metrics on a yearly basis; this is shifting to quarterly, monthly, and then continuous reporting. In 2006 the policy of granting Interim Authority To Operate (IATO) letters was suspended, forcing CIOs and CISOs to consider compliance for every new system. If non-validated software or a non-validated system is deployed, then the Information Security posture of every system it touches may be compromised and require costly re-accreditation. Increasingly, agencies are demanding that software vendors certify that their software complies with FISMA guidelines.
What Winvale Provides
- Secure, FISMA-ready co-location and managed services
- An initial assessment of the challenges and costs for obtaining sufficient compliance
- A deeper assessment of existing security controls integrated into your system
- Assistance gathering data for completing your "standard documents", a key to the certification component of complying with Agency FISMA policies
- Effective use of your internal resources to generate and provide required product details
- An experienced team to generate your "standard documents" based on the information gathered by your team and any further required information
- Guidance for properly using these "standard documents" to meet FISMA policy compliance
How Winvale Facilitates the Process
- We will leverage our experience working with non-validated products for a successful go-to-market in the Federal Government Space
- Our team will share our knowledge of differing certifications: when and why a certification would be needed, and the benefits versus costs of achieving each
- Based on this assessment, our team of compliance experts will discuss and recommend the areas of compliance best aligned with the specific needs of the vendor's product
- Partnerships and relationships with other labs and consultants who can assist with other required certifications
- If FISMA is the right option, we offer extensive and growing experience developing Standard Document packages around FISMA policy compliance for vendor products, in accordance with NIST/OMB guidelines
- Additionally, we will provide guidance for effective use of the standard documents package and can provide ongoing support for future government compliance concerns as they arise.
Additional Areas of Support:
- Common Criteria (EAL Levels 1-5)
- FIPS 140-2
- SCAP Testing
- PIV Testing
- C&A Support
- NIAP CCEVS

