FISMA Compliance

TWM Associates, Inc. (TWM) has contributed to the evolution of Cybersecurity and IA within the Federal Government. Our participation in the Federal Security Community began in 1991 supporting various weapons programs within the Navy, evolved into security support for the Department of Defense (DoD), and then security support for Federal Agencies.

TWM is now a Registered Provider Organization (RPO) approved by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB) to provide CMMC support for your organization's preparation for CMMC certification. TWM’s support for the Federal Information Security Modernization Act (FISMA) compliance began with the prior law under the Government Information Security Reform Act (GISRA). TWM was one of the first to develop a security controls database for use in the evaluation of the security controls of a large enterprise for the first year of GISRA compliance, in support of a Federal Agency Offices of the Inspector General (OIG). This has since evolved into our more recent Security Assessment Working (SAW) tool that is utilized in helping an agency ensure they are functioning and effective in their controls testing for FISMA compliance, based on the NIST 800-53a test controls integrating continuous monitoring within a Risk Management Framework utilizing automated tools. Further, TWM was one of the first to integrate the security controls compliance activities across the myriad of laws, regulations, and compliance requirements to assist entities to meet their compliance goals and improved security postures in a single effort vs. a plethora of individual efforts which resulted in non-cohesive approaches and unnecessary expense to the agencies. This extensive experience and commitment to excellence is reflected in our achieving ISO 9001 and 27001 accreditation and approval as an RPO by CMMC-AB.