FISMA

Lunarline is well versed in the Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) requirements, having implemented enterprise-level security programs and led C&A efforts throughout the Federal Government. In addition, many of our team members have extensive backgrounds in the hands-on implementation of information security solutions, backed by individual certifications such as CISSP, CAP, CISA, and ISSEP, and have been through our rigorous NSA/CNSS-approved FISMA training programs. Lunarline employees are experts in the full gamut of the Risk Management Framework (RMF): performing security categorizations (FIPS 199/NIST SP 800-60), selecting common and system-specific controls (NIST SP 800-37 Revision 1, NIST SP 800-39, NIST SP 800-53 Revision 3), implementing security controls (NIST SP 800-53 and NIST SP 800-70), conducting risk assessments (NIST SP 800-30), independently conducting security control assessments (NIST SP 800-53A), providing authorization support to Agency AOs, DAAs, and CAs, and developing and implementing continuous monitoring strategies and programs. Our support includes assisting Agencies and contractors with the integration and testing of Federal Agency-specific controls, including but not limited to those of Veterans Affairs (VA), Health and Human Services (HHS), and over 20 other Federal Agency-specific requirements.

Our staff is trained and experienced in developing System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M) for our Federal and commercial customers. Lunarline has participated in GAO and IG audits and other associated activities.

Our services include fully compliant and specialized FISMA training programs and support that:

  • Develop cyber security strategies, roadmaps, training, and execution plans for C&A transition to the Risk Management Framework (RMF) for senior leadership, risk executives, and stakeholders.
  • Provide full spectrum FISMA and privacy program support to Federal Agencies and commercial customers.
  • Develop full range cyber security / RMF training and certification programs for Federal Agencies and commercial customers (including management and train-the-trainer courses).
  • Develop, integrate, test, and manage real time continuous monitoring plans, and capabilities for enterprise and specialized information systems.
  • Design, develop, configure, and maintain enterprise Security Operation Centers (SOC), enterprise Identity Management Solutions, and Security Content Automation Protocol (SCAP) solutions.
  • Develop, integrate, implement, and execute security architectures and support for the SDLC.
  • Develop C&A packages for Major Applications, General Support Systems, and Minor Applications.
  • Conduct Annual Assessments and Pre-Agency Audits.
  • Conduct Independent Security Control Assessments / Independent Validation Authority.
  • Develop and enhance security programs.
  • Develop, integrate, and execute security metrics.
  • Conduct Enterprise Risk Assessments and Common Control Selection.
  • Develop strategic security plans and programs.