Complete FISMA Preparation*
Our FISMA and Project Management professionals guide System Owners through the complete process, from identifying system boundaries and data types to addressing any findings from the independent assessor and creating the authorization package for the Authorizing Official.

Gap Analysis
Our Gap Analysis service identifies policies, procedures, and tools that are already in use by your organization and applies those to FISMA/FedRAMP requirements. We identify additional items needed and the existing items that must be augmented to satisfy NIST SP 800-53 specified controls required to achieve FISMA/FedRAMP compliance.

Enterprise Program Support
FISMA legislation requires an enterprise-wide approach to a security program. This program establishes common controls, such as organizational policies and standards, provides guidance to system owners, and tracks and reports progress to OMB or similar organizations.  Additionally, enterprise programs leverage FedRAMP Provisional Authorizations to Operate, may sponsor CSPs, and establish guidance for controls still belonging to the cloud subscriber.  Logyx™ helps establish and manage such programs, offering consultation on how to improve efficiencies and effectiveness.

Independent Assessment -- FISMA*
Logyx™ provides the independent assessment required for Cloud Services and Information Systems categorized as Moderate or High. Our assessment methodology is an enhancement to the NIST guidance, is easily modified to accommodate specific organizational needs, and records evidence of the effectiveness and appropriateness of all the 800-53 specified controls.  Logyx™ has also developed a Continuous Compliance approach which spreads the assessment over three years to maintain compliance and minimize impact to the budgeting process.

Complete FedRAMP Preparation*
Logyx™ is accredited by FedRAMP to assess the security of Cloud Service Providers (CSPs) aiming to service the Federal Government.  In 2011, the Federal CIO, announced a Cloud First mandate requiring Agencies to consider Cloud Services before dedicated solutions.  The Federal Risk Authorization Management Program (FedRAMP) was formed to establish an efficient and effective means to ensure the security of CSPs.  FedRAMP accredits 3PAOs who have demonstrated proper FISMA, FedRAMP, Cloud Security and Quality Control processes.

Training
Logyx™ offers a suite of training options to assist your organization in understanding the requirements of FISMA and FedRAMP. We tailor our training material and approach to most efficiently meet each client’s needs.

Security Control Remediation
Where control operational effectiveness falls short of expected performance or best practices, our security professionals help define, document and deploy new policies, processes, procedures and tools to ensure an effective security posture with efficient compliance.

FedRAMP Third Party Assessment*
Logyx™ provides the independent assessment required for Cloud Service Providers seeking to service the Federal Government. Logyx is fully accredited FedRAMP 3PAO.  Our assessment methodology complies with NIST and FedRAMP guidance with specific tailoring for efficiency and effectiveness. Logyx™ provides both full assessments and annual re-assessment of a subset of controls as required by FedRAMP.

* Note: Logyx™ cannot provide both preparation services and independent/third party assessments services to the same organization.