Find a pentest company with FISMA
31 companies have this certification
FISMA Cybersecurity Certification
Origin
The Federal Information Security Management Act (FISMA) was enacted by the United States Congress in 2002 as part of the E-Government Act. It was created in response to growing concerns about the security of federal information systems and the need for a comprehensive framework to protect government data. FISMA was updated and modernized in 2014 through the Federal Information Security Modernization Act, which maintained the same acronym while strengthening oversight and incorporating evolving cybersecurity threats.
Industry Value and Importance
FISMA certification is highly valued because it demonstrates an organization's ability to meet rigorous federal security standards for protecting sensitive government information. Organizations that achieve FISMA compliance prove they have implemented comprehensive security controls covering everything from access management to incident response, making them trusted partners for federal contracts. Beyond government work, FISMA certification is respected throughout the cybersecurity industry as evidence of mature security practices and robust risk management capabilities, often giving certified organizations a competitive advantage when bidding on projects that require proven security frameworks.
Infoguard Cyber Security
California-based cybersecurity company with multiple offices in San Jose and Irvine; specializes in penetration testing services, including vulnerability assessments and ethical hacking, as evidenced by dedicated website content on pentest benefits and security loophole identification.
CP Cyber
CP Cyber is a private cybersecurity company based in Denver, Colorado, specializing in computer and network security services such as penetration testing, vulnerability assessments, breach recovery, and compliance. Founded in 2017, it has a team of 5 employees with 20% YoY growth, serving clients in healthcare and IT sectors; it maintains a modest web presence with 586 monthly visits and a global rank of #10,120,702.
ControlPoints
Cybersecurity consulting firm specializing in audit, penetration testing, and IT solutions; 7 employees; based in Washington, DC; serving Fortune 50 and federal government clients with deep expertise in cybersecurity, risk analytics, compliance, and information assurance.
Audit Liaison
Cybersecurity firm based in Tampa, Florida; specializes in security audits, compliance, and penetration testing services; offers solutions for SOC 2, ISO 27001/22301, PCI DSS, HIPAA/HITRUST, GDPR/CCPA, and FISMA compliance; provides active security testing including penetration testing; founded with extensive industry experience.
A-LIGN
Cybersecurity and compliance provider based in Tampa, Florida; 572 employees, $92.2M annual revenue, $54.5M funding; specializes in cybersecurity compliance, penetration testing, and cyber risk management; offers active penetration testing and red team services, with a focus on high-quality, efficient programs.
Schellman
IT compliance and cybersecurity attestation provider; based in Tampa, Florida; specializes in FedRAMP assessments and offers extensive penetration testing services across multiple disciplines, including application, network, mobile, red teaming, social engineering, cloud, physical, hardware/IoT, and AI red team testing.
AARC-360
AARC-360 is a private accounting firm specializing in assurance, advisory, risk, and compliance services with a global presence; 28 employees, founded in 2014, headquartered in Atlanta, Georgia, USA. They have recent cybersecurity accreditation achievements, including FedRAMP and RMAI audits, and offer penetration testing services such as vulnerability assessments, active exploitation, and social engineering across web, network, and cloud platforms.
Coalfire
Coalfire is a cybersecurity and compliance services provider based in Chicago, Illinois, founded in 2001. With 676 employees and $200M annual revenue, it specializes in penetration testing, vulnerability assessments, FedRAMP, cloud migration, and AI risk management, serving enterprise, healthcare, and finance sectors. The company has received $9.4M in funding and is known for offensive security capabilities, including penetration testing services.
Pratum (An HBS Brand)
Information security services firm specializing in cybersecurity solutions including penetration testing; based in Iowa, USA with $6.1M revenue, founded in 2008, and a small team of 1 employee. Pratum helps clients address security challenges through risk-based approaches, with a focus on comprehensive cybersecurity and IT risk management.
Esotericode
Cybersecurity firm specializing in penetration testing, code analysis, and secure software development; offers services including penetration testing, static/dynamic code analysis, code review, and compliance consulting (FISMA, FedRAMP, PCI, NIST); based in Frederick, Maryland, United States.
Radical Security
Cybersecurity company specializing in penetration testing services such as PCI-DSS compliance, segmentation, and web app assessments; 4 employees with 133.3% YoY growth; headquartered in Stoughton, MA.
Karhu Cyber
Cybersecurity company specializing in computer and network security; provides penetration testing, cybersecurity training, risk management, and threat detection services. Founded in 2021, based in Brighton, Michigan, with 9 employees and 18.2% YoY growth; offers tailored cybersecurity solutions to reduce risk and improve compliance.
SecureSky
SecureSky is an IT services and consulting firm based in Omaha, Nebraska, founded in 2018; with 12 employees and $7.3M in funding, they provide managed security, detection, response, and penetration testing services for cloud, hybrid, and on-premise environments, emphasizing offensive security capabilities.
CISEVE | Authorized C3PAO
IT services and consulting firm specializing in cybersecurity compliance and penetration testing; 3 employees with +150% YoY growth; based in Las Vegas, Nevada; one of the first authorized C3PAOs, emphasizing integrity and certified staff.
Compass Federal Consulting
IT services and consulting company specializing in cybersecurity, risk management, and penetration testing; 5 employees with 40% YoY growth; based in Shamong, New Jersey, founded in 2011; provides security planning and compliance services for federal, healthcare, and private clients.
STIG
Cybersecurity company specializing in computer and network security; 25 employees with 4.9% YoY growth, founded in 2000, based in Glen Rock, New Jersey, United States. Provides penetration testing, secure IT engineering, managed security services, and human capital solutions, with a web presence of 1,421 monthly visits and a global rank of #8,992,961.
Silent Breach
Cybersecurity company based in New York, specializing in predictive breach detection and penetration testing; offers proactive security solutions and has demonstrated capabilities in identifying critical vulnerabilities, including breaches of high-profile organizations like the Department of Defense.
E Com Security Solutions
IT services and consulting company specializing in cybersecurity and compliance; 27 employees, founded 2008, headquartered in New York, USA; offers penetration testing services for networks and web applications, with categories including network penetration testing and web application penetration testing; 1,106 monthly website visits, global rank #11,587,344, employer rating 5.0/5.0.
Essendis
Cybersecurity consulting firm specializing in cloud cybersecurity and penetration testing; based in Berea, Ohio, with expertise in network and application vulnerability assessments and simulated attack testing.
Breach Craft
Cybersecurity consulting firm specializing in penetration testing, vulnerability assessments, and virtual CISO services; 3 employees with +200% YoY growth; based in Havertown, Pennsylvania, USA; founded by seasoned cybersecurity practitioners, focusing on deep industry knowledge and innovative security solutions.
Columbia Advisory Group
IT services and consulting firm specializing in cybersecurity, governance, risk, and compliance; provides penetration testing and managed IT services to higher-education clients; 31 employees, $5M-$25M revenue, founded 2012, Dallas, TX.
K3DES LLC
Cybersecurity company specializing in penetration testing, network vulnerability assessments, cryptographic consulting, and security training for the payments industry; 13 employees with a 6.7% YoY decline; founded in 2002; based in Houston, Texas, USA; recognized as a top ten PCI consulting firm in the US.
DNC CORP
Cybersecurity company specializing in assessments, penetration testing, and ICS SCADA; 12 employees with 200% YoY growth; $18.8M revenue; founded 2003; Alexandria, VA. Known for niche cybersecurity expertise and serving Fortune 500 and government clients.
Fortreum
Cybersecurity company headquartered in Lansdowne, Virginia, providing penetration testing and offensive security services; employs specialized pentesters and red team leads, with explicit government procurement listings for penetration testing services.
Conscious Networks
Managed IT services provider based in Vienna, Virginia; offers holistic technology support, including Help Desk, hardware/software support, procurement, and implementation. Provides penetration testing and cybersecurity risk assessments, emphasizing active testing and real-world attack simulations.
Data Pulse Tech
Cybersecurity firm based in Ashburn, Virginia, specializing in penetration testing and vulnerability research; offers comprehensive security assessments for networks, applications, and systems.
Assured Enterprises, Inc.
Cybersecurity company based in Vienna, Virginia, specializing in penetration testing services; explicitly lists troubleshooting and pentest operations on its site, confirming active pentest capabilities.
selfhack*
Selfhack* (SelfHack Oy) is a Finnish IT services and consulting company founded in 2024, headquartered in Helsinki, with 5 employees. It specializes in AI-powered penetration testing, cybersecurity automation, and application security, offering autonomous ethical hacking solutions that enhance threat detection and risk management.
Securli Limited
Cybersecurity company specializing in penetration testing and network security; founded in 2005, based in Hong Kong, with 2 employees. Offers advanced, constantly upgraded security platforms and services to assess and strengthen IT infrastructure security.
VP Techno Labs
Cybersecurity firm specializing in penetration testing and security audits; headquartered in Ahmedabad and Nadiad, India; multi-award-winning with a focus on tackling critical cyber threats affecting revenue and reputation.
Threatsys Technologies Pvt. Ltd.
India-based cybersecurity firm specializing in penetration testing services; offers network and cloud pentests with a focus on vulnerability assessment through simulated attacks; headquartered in Bhubaneswar, Odisha.