What is FISMA and NIST?

What is FISMA and NIST?

A: FISMA stands for the Federal Information Security Modernization Act (FISMA) of 2014, It is US legislation creating a comprehensive framework for protecting government information, operations and assets against man-made or natural threats. It is in fact an enhanced version of the original Federal Information Security Management Act signed into law by President George W. Bush in 2002.

NIST, is the acronym for the National Institute of Standards and Technology (NIST), a standards body within the federal government that puts forth a wide-range of publications that set the standards for recommended security controls.

Organizations all throughout North America need to have a solid understanding of the role of FISMA & NIST as federal cybersecurity requirements continue to grow.

What is NIST SP 800-53?

Simply stated, NIST SP 800-53 requires federal contractors to put in place comprehensive information security and privacy policies, procedures, processes, and related internal controls.

It’s a “Special Publication,” titled Security and Privacy Controls for Information Systems and Organizations, and it is one of the most well-respected, well-known, and comprehensive security publications found anywhere in the world. It contains a prescriptive listing of control families and related security and privacy controls that federal contractors need to have in place for becoming FISMA compliant.

Continue reading
23 Hits

Writing Information Security Policies and Procedures is What We Do Best!

Writing Information Security Policies and Procedures is What We Do Best!

Writing information security policies and procedures is a very time-consuming, arduous task, to say the least. As a business owner or employee, you have to set aside important tasks, find a set of high quality templates - or even worse - dust off those antiquated shelf-ware policies and procedures written years ago. Isn’t there a better way of writing information security policies and procedures? There is, and it starts with FLANK, a global leader in providing documented policies, procedures, forms and checklists for literally anything related to information security.

Who are We? We’re FLANK. Learn About our 3 Point Stance!

1. Providers of World-Class InfoSec & Compliance Policy Templates & Toolkits.2. Saving Businesses Thousands of Dollars with Outsourced Compliance Service Offerings.3. Offering set fees for Security, Governance, and Regulatory Compliance Assessment & Audit Services.

FLANK and their trusted consultants, who range from network engineers, consultants, auditors to C level management, have put together one of the most in-depth and comprehensive set of information security policies you will find anywhere. It's called the FLANK21 – just how comprehensive are these documents - consider the following:

Hundreds of policies, procedures, forms, and checklistsProvisioning and hardening documents for ensuring all I.T. systems are properly secured before being deployed out on a network.Dozens and dozens of sections and categoriesDocumentation for many of today’s growing fields within information technology, such as cloud computing and virtualization.Extremely detailed and well-written, and growing everyday - thanks to our talented and skillful staff, who are constantly adding more and more quality documents all the time!Developed utilizing various provisions from some of the world’s most recognized information technology benchmarks, standards, and frameworks.Writing Information Security Policies and Procedures is Now Easier than Ever

What’s more, writing information security policies and procedures is easy with the FLANK21 set of documents as it contains literally hundreds of policies, procedures, forms and checklists for every conceivable area or platform related to information security, such as the following:

Network Devices-Templates specifically tailored toward routers, switches, firewalls and more!Operating Systems-Documentation provided for all major operating system platforms, such as Microsoft Windows (their 2003 to 2012 server line), UNIX and all commonly used Linux distributions, (RHEL, etc.)Databases-Policies and procedure documents for MS SQL Server, MySQL, Oracle, and PostgreSQL.Web Servers-Templates for Apache, Tomcat, IIS and more!

But filling out policy templates is one thing, actually have a set of comprehensive procedures and supporting provisioning and hardening documents is what’s also needed when it comes to writing information security policies and procedures. After all, what good is an information security policy if an organization doesn't have supporting procedures for the stated policy or even provisioning and hardening documents describing how to secure system resources?

Continue reading
20 Hits

FISMA Compliance & Certification Services for Federal Contractors in Texas

FISMA Compliance & Certification Services for Federal Contractors in Texas

FLANK offers comprehensive, fixed-fee FISMA compliance & certification services – and FISMA policy toolkits – for federal contractors all throughout the state of Texas. With hundreds of federal contractors located in Dallas, Houston, Austin, San Antonio – and numerous other locations – such entities are being required to comply with the Federal Information Security Management Act (FISMA) of 2002, which was amended in 2014 and re-named the Federal Information Security Modernization Act (FISMA).

As for FISMA, it’s without question one of the most in-depth and complex compliance mandates, due largely to the fact that becoming compliant means adhering to the controls put forth in NIST SP 800-53. From Access Control (AC) to Program Management (PM), the family of controls within NIST SP 800-53 require a healthy dose of FISMA policies, procedures, and processes to be in place – so turn to the Texas FISMA compliance experts today at FLANK.

Proven FISMA Service and Solutions for Texas Businesses

We offer a variety of services and solutions for helping Texas businesses with FISMA compliance & certification, such as the following:

Fixed-Fee FISMA Readiness & Gap Assessments:  Want to become FISMA compliant in an efficient and cost-effective manner, then Texas businesses would be well-served by performing a FISMA readiness & gap assessment. Brief, cost-effective, yet incredibly useful, such an assessment helps to identify and confirm critical scoping boundaries, missing documentation (i.e., FISMA policies and procedures), along with internal controls requiring immediate remediation. If you’re new to the world of federal compliance, then a FISMA readiness & gap assessment is an absolute must.

One of the biggest challenges faced by federal contractors with FISMA compliance is trying to eliminate the dreaded scope creep. Often times, engagements get bogged down as both sides (i.e., the FISMA assessor and the client) are unsure as to what business functions are to be examined, what personnel are involved, physical locations to be assessed, and much more. This can create an issue where FISMA compliance & certification can spiral out of control, creating immense challenges and cost overruns. How to avoid such a nightmare? Perform a FISMA readiness & gap assessment with FLANK. Contact us today at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

Continue reading
54 Hits

Network Security Policy Templates, Samples for Download

Network Security Policy Templates, Samples for Download

Network security policy templates, samples, and best practices are a vital necessity in today's growing world of regulatory compliance. There’s literally dozens and dozens of State, Federal, and global laws requiring documented network security policy templates and best practices be in place for proving to auditors of one's security practices.

Unfortunately, most businesses fail miserably when trying to develop their own set of network security policy templates and best practices because they don't have the time or resources for developing comprehensive information security documents. What’s needed is a trusted source and a global leader in providing documented policies, processes, forms and checklists for developing your very own network security policy templates, samples, and best practices.

We’re FLANK. Learn About our 3 Point Stance!

1. Providers of World-Class InfoSec & Compliance Policy Templates & Toolkits.2. Saving Businesses Thousands of Dollars with Outsourced Compliance Service Offerings.3. Offering set fees for Security, Governance, and Regulatory Compliance Assessment & Audit Services.

Over 5,000 Pages of InfoSec and Network Security Policy Templates – Get them Now

FLANK has spent years developing what is without question some of the most in-depth and comprehensive set of information security documents found anywhere - it’s called the FLANK21 set of documents that contains hundreds of network security policy templates, samples, best practices, and so much more. Sure, we provide industry leading policies and procedures - but so much more - such as essential operational and business specific documents, along with a laundry list of forms, checklists, and templates.

The network security policy templates, samples, and best practices contained within the FLANK21 set of documents contains policies, procedures, forms and checklists for many of the most commonly used firewalls and routers, ranging from Cisco appliances to Palo Alto, just to name a select few. What's more, included also are hundreds of other policy and procedure templates for all major databases (1. MS SQL Server. 2. MySQL. 3. Oracle. 4. PostgreSQL), web server applications (1. Tomcat. 2. Apache. 3. IIS. 4. JBoss), operating systems (1. Microsoft Windows Server line. 2. UNIX. 3. Linux distributions), and many, many more!

Continue reading
55 Hits

FISMA & NIST SP 800-53 and SP 800-171 Security Policies

FISMA & NIST SP 800-53 and SP 800-171 Information Security Policies and Policy Packets & Writing Services

FLANK offers industry leading FISMA and NIST SP 800-53 policy packets and NIST SP 800-171 information security policies and procedures packets, along with custom InfoSec policy writing services.  In today’s growing world of national security and cybersecurity threats, the federal government has started to aggressively enforce the FISMA mandates signed into law in 2002 (then amended in 2014).

While federal agencies have been working hard on FISMA compliance since 2002, the private sector is now the focus, with contractors being required to adhere to the Federal Information Security Management Act of 2002 (FISMA) and the now enhanced Federal Information Security Modernization Act of 2014 (FISMA).  FLANK can also assist with all aspects of the FISMA certification & accreditation process.

You Need Policies and Procedures for FISMA Compliance

FISMA, like many of today’s security, governance, and compliance mandates, requires a vast amount of documentation to be in place – specifically – information security policies and procedures covering essential I.T. domains within the NIST SP 800-53 publication, and other supporting 800 series documents. From change management to incident response, data backup – and much more – FISMA is all about documentation.

There’s no question a large security and technical element that has to be tended to in terms of FISMA compliance – two-factor authentication, file integrity monitoring, vulnerability scanning, and more – but that’s often well-known. It’s the documentation aspect that’s often overlooked with comments that usually begin with “we have no InfoSec policies and procedures, and we’re not really sure where to start.” 

With FLANK, you have two (2) options. We can author all of your FISMA policies and procedures for you, or you can simply purchase our world-class FISMA Compliant All-in-One Toolkit containing hundreds of pages of professionally developed materials. With FLANK, we give you choices when it comes to FISMA compliance.  Learn more about FLANK’s proven process for FISMA and NIST SP 800-171 compliance by downloading our FISMA Case Study and NIST SP 800-171 Case Study for a recent client implementation. 

Continue reading
90 Hits

FISMA Compliance & DFARS NIST 800-171 WDC, VA, MD

FISMA Compliance & DFARS NIST 800-171 Services for Washington, D.C., Virginia, Maryland Contractors

FISMA compliance, certification & accreditation services, along with DFARS NIST 800-171 compliance solutions for federal contractors in Washington, D.C. Virginia, and Maryland are available from FLANK. As one of North America’s leading providers of federal regulatory compliance services and solutions, we’re the company to turn to in the greater WDC metropolitan area for both FISMA and DFARS NIST 800-171 assistance.

The U.S. Government is FINALLY Serious about Security & Compliance

Over the last decade, the federal government has been hard at work ensuring all agencies are actually compliant with FISMA, however, the thousands of contractors providing critical services to such agencies have not been following along as required. But times have changed indeed. The Department of Health and Human Services (HHS), Department of Defense (DoD) and many other agencies have sounded the alarm to federal contractors, effectively demanding that thousands of businesses become FISMA and/or DFARS NIST 800-171 compliant. Gone are the days of weak enforcement, replaced now with an expansive set of rulings aimed at helping combat growing cybersecurity threats that are causing serious challenges for the federal government.

Are you a federal contractor in Washington, D.C. Virginia, or Maryland providing essential services to any number of governmental agencies? If so, and you’re not FISMA and/or DFARS NIST 800-171 compliant, the winds of change are blowing, so here’s what you need to know.

What you Need to Know Regarding FISMA Compliance & DFARS 800-171FISMA and DFARS NIST 800-171 are a Culture Change

Both of these mandates are extensive indeed, not some lightly regarded compliance measure where you can check the box and be done. Not at all. The growth in information security has unfortunately resulted in massive cybersecurity threats and attacks aimed at federal agencies, and the thousands of contractors used for providing support services.

Because of this, the government looked long and hard in what really makes sense for ensuring contractors and other down-stream providers have adequate InfoSec controls in place. Thus, enter FISMA (which has been in place since 2002, but now only heavily enforced), and more recently, the DFARS NIST 800-171 requirements.

Continue reading
130 Hits

Information Security Policy and Procedures Manual and Templates

Information Security Policy and Procedures Manual & Templates

Information security policy and procedures manuals and templates are a MUST for today's growing climate of regulatory compliance. Laws, legislation, and mandates such as Sarbanes Oxley, HIPAA, Gramm-Leach-Bliley (GLBA), the Payment Card Industry Data Security Standards (PCI DSS), ISO 27001/27002, FISMA, DFARS 800-171, and many others require organizations to have in place documented policies, procedures, and processes. But everyone knows that developing templates and crafting the documentation is very time consuming indeed. What’s needed are information security policy and procedures manuals and templates developed by an industry leading, globally recognized organization – and that’s FLANK.

World-Class Information Security Policy and Procedures Templates

As leaders in providing documented information security policy and procedures manuals and templates to businesses, FLANK has spent years developing what is without question some of the most highly sought-after technology policy and procedure documents. Known as the FLANK21, this comprehensive set of documents – available for immediate download – contains literally hundreds of operational, business specific, and information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and so much more. In all, you’ll receive approximately 5,000 pages of world-class documentation.

Don’t need the entire FLANK21 portfolio? Not a problem, we offer the following information security policy and procedures manuals and templates also:

Information Security & Cybersecurity Policy and Procedures Manual – Premier EditionInformation Security & Cybersecurity Policy and Procedures Manual – Light Edition

Looking for industry specific information security policy and procedures manuals and templates, then spend some time browsing our comprehensive data bank of documents that are available for instant download today.

Information Security Policy and Procedures Manual and Templates

What separates FLANK’s documents from the competition is we actually provide information security policy and procedure templates applicable to specific systems and devices, while also ensuring the documentation is consistent with the most current vendor and software releases. The FLANK21 set of documents includes much more than just policies and procedures - anyone can provide that - and it’s what distinguishes us from other providers.

Continue reading
193 Hits

Information Security Policies and Procedures Templates for Download

Information Security Policies and Procedures Templates for Download

Looking for industry leading information security policies and procedures templates for your organization? If so, you've come to the right place at FLANK. As a global leader in providing documented policies and procedures for organizations all around the world, our industry leading information security policies and procedures templates are extremely comprehensive, easy-to-use and cover virtually every imaginable platform or I.T. service your organization has in place. FLANK offers dozens of information security policies and procedures templates and toolkits that includes literally hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening documents – and more.

Choose from Dozens of Information Security Policies and Procedures Toolkits

Information security is not going away – rather – organizations, now more than ever, are being required to have a comprehensive set of documented information security policies and procedures templates in place. Additionally, a large part of this requirement is being driven exclusively by external regulatory compliance mandates – the various laws, legislation, regulations and industry specific directives calling for the safety and security of information systems. 

That’s why the time is now for businesses to get serious about security, and it starts with obtaining information security policies and procedures templates documentation from a proven, trusted source – and that’s FLANK. Each one of the hundreds of policies, procedures, and forms that are available for instant download today at flank.org have been professionally researched and developed by personnel with years of real-world experience.

Toolkits and Templates Available for all Major Compliance Frameworks

Information security policies and procedures templates – along with other necessary templates - are a must have for organizations looking to document their policies, procedures, and processes relating to information security. There are dozens upon dozens of regulatory compliance laws, mandates, and pending legislative edicts facing businesses today - many of which require information security policies and procedures templates – for which organizations can obtain from a globally recognized industry leader, that’s FLANK.

Continue reading
173 Hits

GDPR Policies and Procedures & Policy Templates

GDPR Policies and Procedures & Policy Templates

After spending hours educating yourself on the compliance requirements of the GDPR, it becomes abundantly clear that the need for comprehensive information security, operational, and data privacy policies, procedures, forms – and more – is obvious. Simply stated, you need GDPR policies and procedures for compliance. The challenge, however, is finding a company that essentially acts as an all-encompassing repository for your documentation needs. Lawyers are great for privacy documents. I.T. firms excel in providing security policies and procedures. H.R. firms have an arsenal of operational/employee driven documents. But that’s the problem, nobody has them all, until now. FLANK provides a wide-array of industry leading compliance documents available for instant download today for meeting the rigorous GDPR compliance mandates. Contact us today at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more.

You Need Documents, Documents, and More Documents!

Yes, you do, no question about it! But who wants to spend time writing GDPR policies and procedures? Who wants to really take on such a tiring and rather mundane process? Probably not you, but FLANK will. Writing GDPR policies and procedures is what we do best, and it’s why we offer numerous policy templates and toolkits for instant download today at flank.org. Developing GDPR policies shouldn’t be a tedious exercise – after all, you’ve got a business to run – so visit flank.org today for learning more about our world-class policy templates and toolkits.  

Learn more about FLANK’s proven process for GDPR compliance for U.S. companies, along with downloading our GDPR Case Study for a recent client implementation.  

Here's a sample of the wide variety of GDPR policies and procedures FLANK offers:

GDPR All-in-One Global Compliance ToolkitISO 27001/27002 All-in-One ToolkitGDPR Compliance ChecklistData Privacy NoticesPersonal Data Inventory for Data Subjects MatrixInformation Security & Cybersecurity Policy and Procedures ManualData Protection Impact PRE-Assessment Determination TemplateGDPR Data Protection Impact Assessment (DPIA)Data Protection Policy and ProceduresRisk Management and Risk Assessment Program - GDPRCyber Incident Response and Breach Reporting Program – GDPR (Use a new GDPR cover sheet)Third-Party Due-Diligence and Vendor Management Program – GDPRVarious data subject’s rights policies and proceduresConsent checklists

FLANK is the true leader when it comes to GDPR policies and procedures.

Continue reading
166 Hits