

Published: 2/9/2018 12:30 PM

Executive Summary

This blog series covers the dos and don'ts of contracting with the government. We'll cover the latest policies, guidelines and frameworks developed by the government that you need to know.

This post is meant to introduce new contractors in the federal space to the inner workings of government business elements. As the government publishes new information security regulations and guidelines, we'll keep you updated on what you need to know and why you need to know it.

Key Terms

Compliance: Adhering to a rule or a set of rules

FISMA: The Federal Information Security Modernization Act, designed to provide the guidelines necessary to protect federal data

Information Security: Ensuring the integrity, authenticity, availability, and confidentiality of information

NIST: The National Institute of Standards and Technology, a non-regulatory agency under the Department of Commerce

RMF: NIST's Risk Management Framework, providing guidelines to becoming FISMA compliant



FISMA (Federal Information Security Modernization Act of 2014) is an amendment to FISMA 2002 (Federal Information Security Management Act of 2002). Essentially, the purpose of the amendment is to establish and highlight the importance of information security for federal systems and to mandate the development of, and compliance with, a government-grade information security framework. As a contractor, there are two noteworthy benefits that will come of this:

1. FISMA 2014 mandates a change in federal infrastructure that requires new hardware and services.

2. The amendment explicitly acknowledges that commercial information security products "offer advanced, dynamic, robust, and effective information security solutions" (U.S. Government Printing Office, 2014). This acknowledgement implies that the government is actively looking to the commercial market for solutions to its information security needs.

Additionally, NIST’s RMF (Risk Management Framework) complements FISMA by providing guidelines that lead to becoming FISMA compliant. The RMF consists of 6 steps, according to NIST:

  • Step 1: Categorize
  • Step 2: Select
  • Step 3: Implement
  • Step 4: Assess
  • Step 5: Authorize
  • Step 6: Monitor

Which Parts of FISMA Apply to Contractors

Well, let’s jump right to it: what parts of FISMA and the RMF are most relevant, and what happens when you are not compliant?

FISMA (2014) was intended for the government. The mandates described within do not directly require contractors to do anything. So, what's the big hoopla about? FISMA is important to contractors who are aiming to reap the benefits of working with the government.

The "IS" in FISMA is "Information Security," not "Systems Security." The major distinction here is that FISMA emphasizes the security of federal information through any medium, not just federal systems. This is where the RMF comes into play. The RMF abstracts information security requirements from federal law into a modular, scalable system development lifecycle, and it encapsulates everything you'll need to know about FISMA to be compliant.

The RMF's foundation is its Security Controls, which are outlined in NIST SP 800-53 and will be covered in a later blog post. Their purpose is to provide safeguards and countermeasures that protect the security, integrity and availability of information (Joint Task Force Transformation Initiative, 2013).

The Consequences of Not Being Compliant

There are significant drawbacks to hosting infrastructures that are not FISMA compliant, including exclusion from competition for federal contracts. In light of the fact that warfare is shifting to the cyber arena, the Federal Government is pushing more and more to secure its data systems. These policies, in turn, affect the funding that is available to us contractors.

Non-compliant federal contractors with current contracts are also at risk of losing those contracts, or even of facing federal charges. Furthermore, most federal grants now require FISMA compliance. The government simply will not fund organizations or projects that open security holes by not being FISMA compliant.


References

Joint Task Force Transformation Initiative. (2013, April). Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved from National Institute of Standards and Technology: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

U.S. Government Printing Office. (2014, December 18). S.2521 - Federal Information Security Modernization Act of 2014. Retrieved from congress.gov: https://www.congress.gov/bill/113th-congress/senate-bill/2521/text
