If your application involves your clients to enter their information on their own individual units, Then you certainly qualify for SAQ A. Set up firewalls and router expectations, which established procedures for allowing for and denying usage of your devices. Firewall configurations must be reviewed bi-per year to be sure https://www.nathanlabsadvisory.com/blog/nathan/achieve-fisma-compliance-in-the-usa-avoid-risks-and-stay-secure/
