Chat with us, powered by LiveChat Response in 5-6 lines | All Paper

“Many companies amass the personal data of their customers such as names, addresses, and telephone numbers” (, 2019). Federal contractors also store, process, and transmit data that is crucial to the core services of federal agencies. Advancements in technology are also rapid in the world and any small mistake regarding customer data can have devastating effects on a company. Regulations have been put in place to safeguard customer data such as “Federal Information Security Modernization Act (FISMA) while government agencies like the National Institute of Standards and Technology (NIST)”, (2019), issue guidelines for compliance (Entrust Solutions, 2018).NIST formulates and dispenses guidelines on the best practices in many facets of sciences such as contracting and cybersecurity. For instance, its special publications on cybersecurity discuss topics such as privacy controls, security, business continuity, contingency plans, and risk management. These standards are a crucial part of federal information security readiness and create a foundation or roadmap for the government when it is approaching information security. It also reviews and vets FISMA security standards to make sure they are accurate and implementable by federal agencies and contractors (Compliance Point, 2018).FISMA requires contractors to preserve a record of information systems, to classify the information systems based on their level of risk, to uphold a security plan, implement security controls, and carry out risk assessments. It also emphasizes that businesses should be certified and accredited, and carry out continuous monitoring. The four deliverables to become compliant with FISMA include having a system safety plan, have a safety analysis statement, create a milestones report and strategy of action and have an authority to operate. In order to have all these in place, federal contractors should have publications from NIST that outline the process of compliance (Foresite, 2019). As such, FISMA and NIST have an interdependent relationship. FISMA expects government agencies to implement a type of program in information security that can manage risks effectively. On the other hand, NIST is a non-regulatory agency that has dispensed detailed guidance to ensure compliance with FISMA. For federal contractors and government agencies to comply with FISMA, they should comply with NIST since builds the framework for FISMA. They must authenticate compliance in agreement with the prescriptive list of security controls outlined in NIST. In this respect, NIST reviews and vets the security standards outlined by FISMA not only for their correctness but also for the ability of federal agencies to implement them without any hurdles. As such, federal contractors cannot become FISMA compliant without NIST compliance (, 2019). NIST also relates or creates a foundation for other compliance requirements apart from FISMA. Examples include HIPAA and PCI. As such, being compliant to all these regulations requires that one has knowledge of what is expected. This knowledge is outlined in NIST publications. Companies are expected to implement the safeguards that relate to their circumstances. For instance, some companies can outline their compliance in one document while others can use several documents. Some of the ways to ensure compliance include designating one or more workers to harmonize the data security programs of a company and designing a safeguards program that should be monitored regularly (, 2019).