Washington Software Inc. offers many different compliance management and auditing services.  This page contains a list of some of our offerings:


Compliance Readiness & Program Management: Address current and applicable regulatory requirements. Help develop processes and procedures that address future mandates more effectively, while minimizing redundancies between various compliance systems. Install processes and systems to monitor and report on compliance initiatives and current status.

FedRAMP Assessment & Advisory: Assist CSP’s and Federal Agencies to achieve FedRAMP authorization (JAB, ATO, LI-SaaS) for government cloud solutions. Perform readiness assessments and gap analyses. Provide end-to-end project management and develop required FedRAMP artifacts. Assist with security control implementation, policy/procedure development, and continuous monitoring programs.

NIST 800-171 & CMMC Advisory:  Work with civilian and defense contractors to ensure that they are adequately protecting Controlled Unclassified Information (CUI) as well as advanced national defense assets according to DFARS regulations.  Develop NIST SP 800-171 and CMMC compliance programs, and help contractors ensure that they have appropriate controls in place for transmitting or storing this data in non-federal information systems.

HIPAA/HITECH: Aid health care professionals in the proper handling of Personal Health Information (PHI) and other sensitive data. Work together with staff and management to set up and implement procedures and policies for handling of patient information. Provide training through a third-party source.

NERC CIP-013-1 Cyber Security Supply Chain Risk Management (“C-SCRM”): Develop and implement processes that consider supply chain risks when procuring products and services. Contract language and documentation of the processes are maintained to adhere to the standard.

Compliance Assessment: Perform audits and compliance assessments against standards and regulations such as ISO 27001, NIST/FISMA, SOX, HIPAA/HITECH, FFIEC, and FedRAMP. Advise on security program enhancements and control implementation when gaps are identified.