
FISMA and the Risk Management Framework

The New Practice of Federal Cyber Security

If you are responsible for meeting federal information security requirements such as FISMA, this book is all you need to know to get a system authorized. Now, in the first full revision of FISMA since its inception in 2002, a new wave of stronger security measures is available through the efforts of the Department of Defense, the Office of the Director of National Intelligence, the Committee on National Security Systems and the National Institute of Standards and Technology.

Based on the new FISMA requirements for 2011 and beyond, this book catalogs the processes, procedures and specific security recommendations underlying the new Risk Management Framework. Written by an experienced FISMA practitioner, it presents an effective system of information assurance, real-time risk monitoring and secure configurations for common operating systems.


Audience: Information Security Auditors, Information Security Analysts, Penetration Testers, FISMA compliance staff, ST&E contractors, Information Security Engineers

Paperback, 584 Pages

Published: November 2012

Imprint: Syngress

ISBN: 978-1-59749-641-4


  • "Gantz explains the Federal Information Security Management Act (FISMA), describes the obligations it places on federal agencies and others subject to the legislation's rules about securing information systems, and details the processes and activities needed to implement effective information security management following FISMA and using the Risk Management Framework of the National Institute of Standards and Technology." -- Reference and Research Book News, August 2013


  • Chapter 1: Introduction
  • Chapter 2: Federal Information Security Fundamentals
  • Chapter 3: Thinking About Risk
  • Chapter 4: Thinking About Systems
  • Chapter 5: Success Factors
  • Chapter 6: Risk Management Framework Planning and Initiation
  • Chapter 7: Risk Management Framework Steps 1 & 2
  • Chapter 8: Risk Management Framework Steps 3 & 4
  • Chapter 9: Risk Management Framework Steps 5 & 6
  • Chapter 10: System Security Plan
  • Chapter 11: Security Assessment Report
  • Chapter 12: Plan of Action and Milestones
  • Chapter 13: Risk Management
  • Chapter 14: Continuous Monitoring
  • Chapter 15: Contingency Planning
  • Chapter 16: Privacy
  • Chapter 17: Federal Initiatives
  • Appendix A: References
  • Appendix B: Acronyms
  • Appendix C: Glossary
