Federal Regulatory Assurance

A path towards FISMA and Federal regulatory compliance

Want the Federal Government as one of your clients?

If you are doing business with the Federal Government, the opportunity is huge, but so are the multiple compliance requirements which must be met. Understanding the shifting landscape of Federal IT legislation, including the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP), is critical. Navigating regulation and controls the first time can be challenging. However, done correctly, it can pave the way to significant business for your company.

PwC can help you reap those rewards. 


FISMA: You can’t do business with the Federal Government without it

Compliance with the Federal Information Security Management Act (FISMA) is required of all federal agencies and all commercial entities that provide services to the Federal Government. Companies must have a control environment that meets FISMA requirements, which include required documentation. Additional federal regulations beyond FISMA may also be applicable.

With deep federal regulatory, compliance, and controls experience, PwC’s Federal Regulatory Assurance team can be the right partner for you. As federal compliance is often part of broader compliance challenges, we partner with PwC’s Integrated Compliance team to maximize our value to clients.

Cloud First Mandate: FedRAMP requirements for cloud service providers

Roughly 25%, or $20B, of federal IT spending is earmarked for cloud computing migration as per the Cloud First mandate.

Commercial cloud service providers (CSPs) must meet Federal Risk and Authorization Management Program (FedRAMP) requirements. FedRAMP standardizes the approach to cloud-related security assessments, authorizations, and ongoing monitoring.

PwC is an accredited FedRAMP 3PAO (Third Party Assessment Organization), enabling us to perform cloud security assessments. Our FedRAMP team includes cloud security, federal regulatory, and controls professionals. Partnering with PwC’s Cloud Assurance team, you will be well-prepared to meet federal cloud compliance requirements.



Maintaining Security in the Digital Age

Helping you become compliant


Define security needs

Determine NIST SP 800-53 control requirements

Create required documentation

Train employees

Develop self-assessments

Manage remediation

Monitor and sustain compliance

Develop a federal regulatory roadmap and compliance framework


Tailor your offering to FedRAMP requirements

Understand the relationship of NIST SP 800-53 control requirements to your environment

Perform self-assessments and gap analyses

Develop and execute a comprehensive, continuous monitoring program

Support remediation

Produce documentation to support assessments

Generate awareness and develop training programs


Contact us

Todd Bialick
Trust and Transparency Solutions Leader, PwC US
Tel: +1 (973) 236 4902

Zachary Gable
Federal Regulatory Assurance Leader
Tel: +1 (267) 330 2898
