

FISMA & Security Reviews


The Federal Information Security Management Act (FISMA) requires federal agencies to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency.

A key aspect of FISMA is an annual assessment of an agency’s progress in meeting these requirements. KOMPSYS has substantial experience in performing independent FISMA audits for agency Offices of Inspector General (OIGs). These audits focus on determining management’s effectiveness in implementing and maintaining an agency-wide security management program that includes:


  • Development of Detailed IT Policies and Procedures
  • A Comprehensive Risk Management Process
  • A Comprehensive Certification and Accreditation Process
  • Effective Oversight of Contractors and Contractor Systems
  • An Agency-Wide Privacy Program
  • Effective Configuration Management Policies and Procedures

KOMPSYS is experienced in performing numerous types of technical security reviews, both in support of financial and IT audits and as stand-alone engagements, including:


  • External and Internal Penetration Testing
  • External and Internal Vulnerability Scanning
  • Database Reviews
  • Operating System Reviews
  • Firewall and Router Reviews