Please be aware that SANS.org's Critical Security Controls are only tangentially related to FISMA. CSC maps to a limited subset of NIST SP 800-53 controls but is not FISMA compliance itself. To satisfy FISMA security controls, refer to the current FISMA security control catalog document, NIST SP 800-53 Revision 3.
I have no experience with ESS, but if it provides governance support for ISO 27001 controls, this can be the basis of some FISMA compliance support, as NIST SP 800-53r3 controls have mappings to ISO 27001 Annex A (see Appendix H of SP 800-53r3).
New releases of NIST FISMA guidance have refocused efforts on all aspects of Continuous Monitoring. ESS is well positioned to provide extensive support for this compliance goal. This new guidance is developed with the Joint Task Force Transformation Initiative, creating a Unified Information Security Framework that will be applied not only to systems covered by FISMA but also systems in the Intelligence Community and DoD.