FISMA Compliance Handbook book cover

FISMA Compliance Handbook

Second Edition

This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed.

This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment.

Various topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take in regards to vulnerabilities and audit findings.

FISMA Compliance Handbook Second Edition, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government’s technical lead for FedRAMP, the government program used to assess and authorize cloud products and services.


Information Security professionals of all levels, systems administrators, information technology leaders, network administrators, information auditors, security managers, and an academic audience among information assurance majors.

Paperback, 350 Pages

Published: August 2013

Imprint: Syngress

ISBN: 978-0-12-405871-2


  • Chapter 1: What Is Certification and Accreditation?

    Chapter 2 FISMA Trickles into the Private Sector

    Chapter 3: FISMA Compliance Methodologies

    Chapter 4: Understanding the FISMA Compliance Process

    Chapter 5: Establishing a FISMA Compliance Program

    Chapter 6: FISMA Compliance Project Management

    Chapter 7: Preparing the Hardware and Software Inventory

    Chapter 8: Determining the Information Sensitivity Level

    Chapter 9: Addressing Security Awareness and Training Requirements

    Chapter 10: Addressing End-User Rules of Behavior

    Chapter 11: Addressing Incident Response

    Chapter 12: Performing Security Testing

    Chapter 13: Conducting a Privacy Impact Assessment

    Chapter 14: Performing the Business Impact Analysis

    Chapter 15: Developing the Contingency Plan

    Chapter 16: Preparing the Security Assessment Report

    Chapter 17: Developing a Configuration Management Plan

    Chapter 18: Preparing the System Security Plan

    Chapter 19: Before Submitting Your Documents

    Chapter 20: Evaluating the Security Assessment Package for Authorization

    Chapter 21: Addressing Compliance Findings

    Chapter 22: FedRAMP and Cloud Computing


advert image