Services and Solutions

FEMA Achieves Remarkable Security Scorecard Improvement Thanks to TIAG's Intervention
Customer Mission

The Federal Emergency Management Agency (FEMA), plays a pivotal role in the United States by coordinating disaster response and recovery efforts, providing assistance to affected individuals and communities, and promoting emergency preparedness nationwide


FEMA was facing significant issues with their cybersecurity infrastructure, scoring the lowest in the Department of Homeland Security on the Federal Information Security Management Act (FISMA) Information Security Scorecard, with only an 18% score. These challenges stemmed from a number of underlying issues, including:

  • Operating systems under expired Authorization to Operate (ATO) designations
  • Inadequate documentation and processes
  • A lapse in contract, resulting in the absence of an Independent Verification & Validation (IV&V) team
  • Incomplete or behind-schedule assessments

With FEMA’s security infrastructure at severe risk, TIAG’s intervention was critical to achieving full FISMA compliance and safeguarding the organization’s operations.


TIAG stepped in, tackling the challenges head-on with innovative strategies and methodologies. Key actions taken by TIAG included:

  • Conducting TIAG’s Own IV&V Testing: In the absence of a third-party IV&V team, TIAG conducted our own assessments, addressing the backlog of tasks and ensuring continuous progress in the ATO process.
  • Establishing a Knowledge Management Repository: TIAG centralized all critical documentation, streamlining access to up-to-date material and ensuring transparency across all teams.
  • Developing a Compliance Portal: To systematically identify and mitigate existing vulnerabilities, TIAG implemented a compliance portal to provide a streamlined, cohesive view of the security landscape.
  • Implementing a Matrixed Structure: TIAG fostered alignment between FEMA’s security policies and procedures by developing a matrixed infrastructure that accounted for risk type, criticality, on-premises/cloud storage, and target states.
  • Identifying High-Impact Systems: TIAG pinpointed Software as a Service (SaaS) and cloud-based systems that achieved ATO quickly, with a focus on those set for modernization within 12-18 months.
  • Onboarding Assessors: Until a third-party contract was settled, TIAG brought in-house assessors to conduct assessments, ensuring that progress stayed on track.

TIAG’s approach led to a resounding success, with FEMA’s FISMA score soaring from 18% to a remarkable 97%. By achieving full compliance with federal information security standards and regulations, FEMA saw vast improvements in their operational efficiency and significant reductions in government expenditure. Some notable achievements included:

  • Successfully completing over 2,200 Plans of Actions and Milestones
  • Acquiring 110 Authorization to Operates (ATOs)

These accomplishments, alongside TIAG’s expertise in cybersecurity best practices and innovative solutions, ensured that FEMA’s IT infrastructure saw a significant boost in security, better safeguarding critical data, and streamlining the accuracy of their operations.