
  • FedRAMP Strategy

    JD Biggs & Associates has completed FedRAMP assessments and package development using our FedRAMP Methodology, FedRAMP Penetration Test Methodology, FedRAMP Continuous Monitoring Methodology and SMEs.

  • RMF Strategy

    Have you turned the pages of the Risk Management Framework (RMF) NIST SP 800-37 Revision 2, released December 2018? Quite a few changes have been released, and we have applied these updates in our RMF methodology chart. This poster-size chart provides the tasks and reference publications essential for developing the security authorization package and performing continuous monitoring.

  • FISMA Compliance

    Federal Information Security Modernization Act (FISMA) compliance is complex, resource-intensive, moderately expensive and challenging. See how our methodology will navigate you through this process.

  • Methodology

    Our methodologies lie at the core of what we offer in an enterprise security program. Our consulting professionals have thirty-plus years of experience and hold degrees, security clearances, security professional certifications, and professional affiliations.

Our core capabilities include expertise in the critical areas of an enterprise security program.

Our Methodologies

Our custom methodologies are proven strategies for achieving compliance with FedRAMP / FISMA / HIPAA / CSAM / CUI / RMF. Each of these methodologies is based on a combination of federal standards / guidelines (OMB / NIST / FIPS) and industry best practices, refined through hands-on implementation. Each of our consulting professionals applies these charts as a frame of reference and checkpoint for gauging project work products, educating customers on specific requirements and monitoring progress.

Security & Privacy Charts:

  • Controlled Unclassified Information (CUI) Testing
  • Federal Information Security Management Act (FISMA) Methodology
  • FISMA Continuous Monitoring (ConMon) Methodology
  • Federal Risk and Authorization Management Program (FedRAMP) Methodology
  • FedRAMP Continuous Monitoring (ConMon) Methodology
  • FedRAMP Penetration Testing (PenTest) Methodology
  • Personally Identifiable Information (PII) Methodology
  • Security Categorization Methodology
  • Risk Management Framework (RMF) Methodology
  • Enterprise Security Program Assessment & Validation (SPA&V) Methodology
  • Security Assessment Report (SAR) Methodology

Federal Agencies and commercial organizations have applied these charts for:

  • Developing Enterprise Policies and Standards
  • Defining Roles and Responsibilities
  • Developing Project Management Plans and Statement of Work (SOW)
  • Cost Projections of FedRAMP / FISMA / HIPAA / Penetration Testing Projects
  • Human Resource - Conducting Resume Reviews and Candidate Interviews
  • Achieving Annual Security Awareness and Training Requirements

FedRAMP Cloud Services

A commercial organization offering cloud services to federal agencies, or a federal agency application operating in a cloud environment, is mandated through the General Services Administration (GSA) to become FedRAMP accredited. The Federal Risk and Authorization Management Program (FedRAMP) applies the federal guidelines developed through the National Institute of Standards and Technology (NIST).

Becoming FedRAMP accredited is not a simple undertaking and requires an accredited 3rd Party Assessor Organization (3PAO). The accreditation of the cloud service offering results in a Seal of Approval by the Joint Authorization Board (JAB) as a Cloud Service Provider (CSP) or by a federal agency authorizing official (AO). Becoming a CSP will add you to the list of FedRAMP approved CSPs for hosting federal and commercial applications.

JD Biggs & Associates provides four distinct cloud service offerings for federal agencies and commercial organizations:

Designed for assessing your current cloud solution, determining the condition of required security and privacy artifacts for the authorization package and producing a FedRAMP Roadmap. The FedRAMP Roadmap is a strategy for mitigating identified risks and preparing for the FedRAMP Assessment.

This offering provides the technical knowledge and experience for developing the policies, plans, and supporting artifacts that comprise the Security Authorization Package. The contents of this package are assessed by the 3PAO. Our team works directly with your selected stakeholders and develops the individual policies, plans and supporting justification for each security control / enhancement. We apply the OMB Memorandums, NIST, FIPS and FedRAMP publications to the individual artifacts within the authorization package.

The complete FedRAMP Assessment can be completed in 3 – 4 months. Can this timeline be reduced? Absolutely! The testing of NIST SP 800-53 Rev X controls using NIST SP 800-53A Rev X requires testing individual controls and enhancements. This activity is an extremely time-consuming exercise, involving examination of artifacts, interviews with selected stakeholders and testing of the cloud solution. The FedRAMP Assessment Test Cases can be reviewed at

Another time-consuming activity is performing vulnerability assessments and penetration testing of the Infrastructure / Web Applications / Databases / Virtual Machines. We apply the approved FedRAMP tools to complete this assessment and comply with the FedRAMP guidelines:

After the issuance of an accreditation decision resulting in an Authority to Operate (ATO), don’t think you can put this milestone behind you. FedRAMP requires a 3PAO to perform Continuous Monitoring. This activity involves testing selected controls / enhancements annually, conducting quarterly scans, penetration testing and updating the contents of the security authorization package.

Moderate- and High-rated systems require penetration testing on an annual basis. A PenTest is required to maintain compliance with FedRAMP, FISMA and HIPAA. Our PenTester holds the Offensive Security Certified Professional (OSCP) certification and performs these activities on Cloud Service Providers (CSPs) and federal agency cloud systems.

FISMA Compliance

Federal Information Security Modernization Act (FISMA) compliance is complex, resource-intensive, moderately expensive and challenging. Tackling the five major sections of the legislation and the eight components of the agency program begins with an understanding of FISMA that is best communicated using our methodology.