FISMA Compliance And ATO Support Consistent With The Federal Guidelines

The Federal Information Security Modernization Act (FISMA) of 2014 (44 U.S.C. § 3554) requires the head of each Federal agency to provide information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems. Additionally, FISMA requires agency heads to report on the adequacy and effectiveness of the information security policies, procedures, and practices of their enterprise.

Sigma Technology’s risk-based framework includes evaluation of agency-wide security planning, accountability, configuration, implementation and testing assessment and measurement, remedial action, and a continuous improvement process. Sigma Technology assists agencies in selecting and specifying security controls for information systems supporting the agency’s mission. Our methodology has been developed to help achieve more secure information systems within the federal government by facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems. Our compliance program is designed in accordance with FIPS 199, FIPS 200, NIST SP 800-53, and other NIST Special Publications.

Sigma Technology provides a detailed evaluation of the agency’s compliance performance and a prioritized roadmap of recommendations for implementing security program and compliance reporting improvements. FISMA Assessment and Authorization (A&A) and compliance audit engagements are assigned to highly skilled CISA/CISSP and CPA partners.
