FISCAM - Federal Information System
Controls Audit Manual

NNT Change Tracker’s real-time, non-stop approach to compliance, configuration drift reporting, and breach detection present an ideal solution to demonstrating compliance with FISCAM requirements.

FISCAM is a manual developed by the Government Accountability Office intended to provide auditors with specific guidance for evaluating the confidence, integrity, and availability of information systems. FISCAM is consistent with the National Institute of Standards and Technology (NIST SP 800-53) guidelines for complying with the Federal Information Security Modernization Act of 2014 (FISMA).



FISCAM Overview
FISCAM focuses on 5 key areas: Security Management, Access Controls, Configuration Management, Contingency Planning, and Segregation of Duties.

Security Management
Controls provide reasonable assurance that security management is effective, including effective:

  • Remediation of information security weaknesses
  • Periodic assessments and validation of risk
  • Security awareness and security training
  • Security control policies & procedures

FISCAM Controls
The FISCAM is organized to facilitate effective and efficient IS control audits by incorporating the following controls:

  • A top-down, risk-based approach that considers materiality and significance in determining effective and efficient audit procedures
  • Evaluation of entity-wide controls and their effect on audit risk
  • Evaluation of general controls and their pervasive impact on business process application controls
  • Evaluation of security management at all levels (entity-wide, system, and business process application levels)
  • A control hierarchy (control categories, critical elements, and control activities) to assist in evaluating the significance of identified IS control weaknesses
  • Groupings of control categories consistent with the nature of the risk
  • Experience gained in GAO's performance and review of IS control audits, including field testing the concepts in this revised FISCAM

Register for a free trial and automate FISCAM compliance

Contact Us

USA Offices

New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 Infosec Security Winners 2018 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2020, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.