Ask the Expert

What criteria should I look for in a service provider to help my government agency comply with FISMA?

I am currently in search of service providers that help government agencies meet FISMA requirements. What are the criteria I should look for in a service provider, specifically one to help with compliance?

Unfortunately, there are no silver bullets, so ultimately someone internal to the agency, along with a service provider implementing a structured security program, must accept responsibility for the protection of the agency's information.

Once that person is in place, the next step is figuring out the current state of the information security program. Does one exist? How effective is it? A service provider can help build an architecture for security, which will involve learning what needs to be protected, where the information is, how various systems gain access to and use the data and then figuring out the best way to protect the implementation. There are a variety of organizations that can do this.

Concerning implementation, service providers can help to install new gear and manage the infrastructure. One option is a managed security services (MSS) provider, which assists with the operational responsibilities of managing the devices. The MSS market is maturing, so providers should have a long and successful track record of providing pertinent services. Secure data centers, lots of certified staffers and significant financial resources are all important criteria of providers.

Compliance is a totally different issue; it's more about defining where the organization needs to go than the day-to-day work to get there. I always counsel clients to think about security first and let compliance follow. Documenting and substantiating the implemented security controls is enough for most auditors.

This was first published in April 2008
