Comprehensive Federal Compliance Services

FLANK’s federal compliance consulting services consist of FISMA, FedRAMP, DFARS 800-171, CFPB, GLBA, FFIEC, SEC, HIPAA/HITECH, and more. Our federal compliance consultants have worked with all major federal agencies in Washington, D.C., along with hundreds of contractors providing services to such agencies. With growing compliance mandates now being the new norm for businesses, both federal agencies and federal contractors are in need of capable consultants offering high-quality consulting services, which is what FLANK offers.

Numerous federal legislative mandates and presidential directives are placing huge compliance requirements on the thousands of businesses that service federal agencies. Primes and Subs are being hit hard with an onslaught of regulations, such as FISMA, DFARS 800-171, and more, and FLANK provides services for meeting these needs.

Federal Compliance Consultants & Consulting Services


The Federal Information Security Management Act of 2002 (FISMA), which is now known as the Federal Information Security Modernization Act of 2014 (FISMA), is one of the federal government’s most well-known regulatory compliance mandates, and for good reason. Both federal agencies and the businesses providing services to these agencies (i.e., Subs and Primes) have to comply annually with FISMA. This can be a taxing proposition, and the “new” FISMA law of 2014 updates and modernizes FISMA to provide a leadership role for the Department of Homeland Security, include security incident reporting requirements, and other key changes.

FISMA was originally signed into law in 2002 by President George W. Bush to provide a framework for the development and maintenance of minimum security controls to protect federal information systems. FISMA charged the Director of the Office of Management and Budget (“OMB”) with oversight of agency information security policies and practices. FISMA has had a huge downstream effect in that the thousands of federal contractors providing services to federal agencies must become FISMA compliant.

FLANK has spent years working with federal contractors all throughout the country in helping Subs and Primes become compliant, which ultimately means putting in place all necessary control requirements as published in NIST SP 800-53. 800-53 is one of the most well-known, well-respected – and feared – publications, and why? Because it’s in-depth, detailed, and can take months to comply with. FLANK provide a wide-range of FISMA specific policy templates, documents, along with an all-in-one toolkit for helping federal contractors achieve compliance in a cost-effective manner. We know FISMA reporting and the related NIST SP 800-53 controls inside and out, so contact us today at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about our FISMA compliance, consulting, and certification services from the federal compliance consulting experts at FLANK. Additionally, please visit today to learn more about our FISMA all-in-one Toolkit.


Businesses providing services to the U.S. government that operate in the cloud are increasingly being required to become FedRAMP compliant. FedRAMP, which utilizes the NIST SP 800-53 publication for its information security framework – just like FISMA – requires a large-number of operational, technical, and information security controls to be in place. FLANK offers a FedRAMP toolkit for immediate download today containing all required policies and procedures. As the federal government continues its tradition of outsourcing and awarding contracts to third-party providers, FedRAMP compliance for Subs and Primes will continue to grow also.

DFARS 800-171

The Department of Defense has literally thousands of private businesses providing essential services to them, and now these organizations must fulfill critical compliance mandates relating to DFARS 800-171. From a framework perspective, many of the DFARS security requirements come directly from the well-known NIST SP 800-53 publication, but not all. Additionally, similar to NIST SP 800-53, the actual NIST SP 800-171 publication will almost surely be updated on a regular basis, thus forcing defense contractors to keep pace with such changes. The solutions for becoming compliant with one of the Department of Defense’s (DoD’s) most widespread compliance initiatives ever put forward is to download the DFARS NIST 800-171 All-in-One Toolkit today from FLANK. The DFARS toolkit, just like dozens of others we offer for sale, have been developed by federal regulatory compliance experts with years of DoD experience.


The Consumer Financial Protection Bureau (CFPB), according to, was created to provide a single point of accountability for enforcing federal consumer financial laws and protecting consumers in the financial marketplace. Prior to the great financial crisis of 2008, responsibility was divided among several agencies, now it's under one roof. There are many provisions and mandates for which financial institutions (FI) must adhere to regarding CFPB compliance, and we have experienced CFPB compliance consultants on hand to assist. Many of the CFPB requirements contain a healthy mixture of operational and security controls & best practices, for which we specialize in.


The Gramm-Leach-Bliley Act, according to, requires financial institutions – businesses that provide consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. Financial Institutions (FI) need to be aware of the following three provisions within GLBA: Financial Privacy Rule, Safeguards Rule, and Pretexting Protection. FI's looking to save time and money in complying with GLBA can now immediately download the GLBA Compliance Policy Packet today at Additionally, we also offer GLBA compliance consulting services.

FLANK also specializes in providing FFIEC compliance, consulting, audit, and policy and procedure writing services for banking and financial services institutions across North America. As for the FFIEC, which is officially the Federal Financial Institutions Examination Council (FFIEC), it was established in 1979 pursuant to title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA).


FLANK provides SEC Cybersecurity Rules and compliance requirements services and solutions for financial institutions (FI) impacted by various Securities and Exchange (SEC) pronouncements. We also offer a SEC Cybersecurity Compliance Policy Packet that’s available for immediate download at The Chief Council’s Office (the “Division”) of the SEC regularly pushes out notices regarding the broader topic of information security, and cybersecurity has been a notable topic as of late.


The Health Insurance Portability and Accountability Act (HIPAA) has been with us since 1996, essentially becoming the most well-known and widespread healthcare compliance law currently in existence. Covered Entities (CE) and Business Associates (BA) that store, process and transmit Protected Health Information (PHI) have a strict mandate for being HIPAA compliant – that’s not even up for debate. FLANK offers a wide-variety of best-in-class HIPAA policy templates and toolkits for helping with one’s demanding client needs. Additionally, we also offer HIPAA consulting services for CE’s and BA’s all throughout the country, even Europe and Canada.