Security Domain

FISMA – Federal Information Security Modernization Act

PSI is well versed in the Federal Information Security Modernization Act (FISMA) and Office of Management and Budget (OMB) requirements, having implemented enterprise-level security programs and led C&A efforts throughout the Federal Government. We have supported Federal Agencies' and contractors' integration and testing of Federal Agency-specific controls, including but not limited to: Department of Defense (DoD), Department of Homeland Security (DHS), Intelligence Community (IC), and several other Federal Agency-specific requirements.


PSI certified team members have extensive backgrounds in the hands-on implementation of information security solutions, and have been through our rigorous approved FISMA training programs.

PSI security engineers are experts in:

  • Risk Management Framework (RMF)
  • Performing security categorizations (FIPS 199/NIST SP 800-60)
  • Selecting common and system-specific controls (NIST SP 800-37 Revision 1, NIST SP 800-39, NIST SP 800-53 Revision 3)
  • Implementing security controls (NIST SP 800-53 and NIST SP 800-70)
  • Conducting risk assessments (NIST SP 800-30), independently conducting security control assessments (NIST SP 800-53A)
  • Providing authorization support to Agency AO, DAA, and CAs
  • Developing and implementing continuous monitoring strategies and programs

PSI Security Engineers are trained and experienced in developing System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M) for our Federal and commercial customers.

PSI FISMA Security Compliance services include fully compliant and specialized FISMA Training Programs to:

  • Develop cyber security strategies, road maps, training, and execution plans for C&A transition to the Risk Management Framework (RMF) for senior leadership, risk executives, and stakeholders.
  • Provide full spectrum FISMA and privacy program support to Federal Agencies and commercial customers.
  • Develop full range cyber security/RMF training and certification programs for Federal Agencies and commercial customers (including management and train-the-trainer courses).
  • Develop, integrate, test, and manage real time continuous monitoring plans and capabilities for enterprise and specialized information systems.
  • Design, develop, configure, and maintain enterprise Security Operation Centers (SOC), enterprise Identity Management Solutions, and Security Content Automation Protocol (SCAP) solutions.
  • Develop, integrate, implement, and execute security architectures and support to the System Development Life Cycle (SDLC).
  • Develop C&A packages for Major Applications, General Support Systems, and Minor Applications.
  • Conduct Annual Assessments and Pre-Agency Audits.
  • Conduct Independent Security Control Assessments / Independent Validation Authority.
  • Develop and enhance security programs.
  • Develop, integrate, and execute security metrics.
  • Conduct Enterprise Risk Assessments and Common Control Selection.
  • Develop strategic security plans and programs.

We help our clients with their solution delivery in four domains: Computing, Assurance, Security, and Engineering (CASE).