
Federal agencies must meet the rigorous cybersecurity requirements of the Federal Information Security Management Act (FISMA). This includes implementing a formal, agency-wide information security program using the standards developed by the National Institute of Standards and Technology (NIST) — specifically NIST SP 800-53 and 800-37. Many agencies lack the in-house resources or expertise to navigate and comply with these complex guidelines.
AJ Boggs’ 911.net Security Operations Center (SOC) was deployed to help this agency design and implement a comprehensive cybersecurity program grounded in the NIST Cybersecurity Framework (CSF) and NIST SP 800-53 controls.
Using a tailored, risk-based approach, we focused on:
- Continuous Monitoring & Authorization (CA-7, CA-6)
- System Categorization (per FIPS 199 impact levels)
- Control Implementation & Mapping (NIST SP 800-53 aligned with the NIST SP 800-37 Risk Management Framework)
Services Delivered
- External & Internal Vulnerability Assessments
- Penetration Testing
- System Assessment & Risk Mitigation
- Secure Network Configuration
- Business Continuity & Disaster Recovery Plans
- Attack Detection & Continuous Monitoring
- Governance & Compliance Support
- Security Awareness Training
As a result of the 911.net implementation, the agency significantly improved its compliance posture by aligning with NIST SP 800-53 controls at the moderate impact level. The integration of the NIST SP 800-37 Risk Management Framework streamlined ongoing risk assessments and authorization processes, enabling continuous monitoring across systems. Real-time threat detection capabilities were established, reducing the mean time to detect and respond to cyber incidents. Additionally, the agency was fully prepared for external security audits and successfully met its FISMA obligations.