F.H. Cann & Associates Achieves FISMA Compliance

F.H. Cann & Associates, Inc. (FHC), a woman-owned small business and default student loan collection agency serving primarily guarantors and other higher education creditors, today announced it has received the results of an independent audit verifying the company complies with the Federal Information Systems Management Act (FISMA).  Completion of this audit confirms not only that FHC recognizes the importance of information security by following a tailored set of baseline security controls from National Institute of Standards and Technology (NIST) Special Publication 800-53, but also that FHC conforms to these controls.

KirkpatrickPrice, an independent auditing firm, assisted FHC in following the Federal Information Processing Standard Publication (FIPS 199) in characterizing Federal information and information systems and assigning impact levels using guidance in accordance with FIPS 200. FHC selected the applicable security controls as defined in the 17 domains published in NIST Special Publication 800-53. These security and privacy controls include such areas as Access Control, Personnel Security, Configuration Management, Audit and Accountability, and others.

“I am pleased to have completed this important milestone,” said Frank Cann, company president, continuing, “and I would like to thank our employees and KirkpatrickPrice for their shared efforts in making this all possible.”

“Completing these first critical steps is imperative to becoming certified with Federal Agencies under the Federal Information Security Management Act,” says Joseph Kirkpatrick, Managing Partner of audit firm KirkpatrickPrice. “F.H. Cann has laid the foundation to monitor and adjust their controls using this risk-based approach in protecting federal information.”

FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, is a mandatory federal standard developed by NIST in response to FISMA. To comply with the federal standard, organizations must first determine the security category of their information system in accordance with FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, derive the information system impact level from the security category in accordance with FIPS 200, and then apply the appropriately tailored set of baseline security controls in NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations. This allows organizations to tailor the relevant security control baseline so that it more closely aligns with their mission and business requirements and environments of operation.

Incorporated in 1999, F.H. Cann is a nationwide, woman-owned, higher education receivables management company operating from a centralized office in North Andover, Massachusetts.  The company serves guaranty agencies, colleges and universities, private lenders, and other clients by applying more than 100 years of combined management experience to client initiatives.  Learn more at www.fhcann.com.

KirkpatrickPrice is an information security audit firm that performs third-party attestation of multiple information security frameworks, such as FISMA, HIPAA, PCI, SOC 2 and ISO 27001.  The firm’s security audit and compliance services offer its clients efficient expertise with relevant skills and qualifications such as CISSP, CISA, CISM, CRISC, CSSLP, CIA,  QSA and SANS GIAC.  www.kirkpatrickprice.com.