The Federal Information Security Management Act (FISMA), along with the Paperwork Reduction Act of 1995 and the Information Technology Management Reform Act of 1996 (Clinger-Cohen Act), emphasizes the top-down, risk-directed approach to policy creation. To this end, the Office of Management and Budget (OMB) through requires agencies within the federal government to:
Plan for security

Assign appropriate officials to oversee the security responsibility

Monitor the security controls in their information systems

Authorize system processing prior to operations and, periodically, thereafter

These OMB requirements necessitate that responsible agency officials understand the risks that could adversely affect the success of their mission. These officials must understand the current status of their security programs and security controls to protect their information and information systems. Security measures commensurate with the risk, including the impact from a security breach, disclosure, disruption or unauthorized modification to these systems, are central to the FISMA implementation. All aspects of a robust FISMA implementation flow naturally from a comprehensive and accurate risk assessment, as outlined by NIST in its Risk Framework.

The focus on FISMA compliance issues can take significant resources and funding from agency budgets. That said, we at FDC Associates have years of experience in each of what are now called the NIST (National Institute of Standards and Technology) areas of concentration. Let our DOD 8570 Tech Level III-certified management and staff assist and create a program for your agency. We are expert in:

FISMA Assessments and Audits
OMB A-123 internal controls assessments
FIPS 200 and NIST 800-53 requirements
External Network Vulnerability Assessments
Network Penetration Testing
Internal Network Vulnerability Assessments
Application Security Testing
Consulting services for security policy development

FDC Associates can help you assess, design and implement internal controls relating to any part of your IT infrastructure. The skills and capabilities of our professionals include internal IT audit, information security, IT consulting and network testing. Our experienced Certified Information Systems Auditors (CISA), Certified Information Systems Security Professionals (CISSP), Certified Fraud Examiners (CFE) and Certified Microsoft Professionals (CMP) have worked in IT audit roles for over 20 years.

For more information on IT Audit and Governance Solutions from FDC Associates, complete an Information Request or Contact Us.