FISMA Certification and Accreditation Handbook
View on ScienceDirect

FISMA Certification and Accreditation Handbook

1st Edition - November 28, 2006

Write a review

  • Authors: Laura Taylor, L. Taylor
  • eBook ISBN: 9780080506531

Purchase options

Purchase options
DRM-free (Mobi, EPub, PDF)
eBook Format Help
Sales tax will be calculated at check-out

Institutional Subscription

Support CenterReturns & Refunds
Free Global Shipping
No minimum order

Description

The only book that instructs IT Managers to adhere to federally mandated certification and accreditation requirements.This book will explain what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a C&A project. The next section to the book illustrates addressing security awareness, end-user rules of behavior, and incident response requirements. Once this phase of the C&A project is complete, the reader will learn to perform the security tests and evaluations, business impact assessments system risk assessments, business risk assessments, contingency plans, business impact assessments, and system security plans. Finally the reader will learn to audit their entire C&A project and correct any failures.

Key Features

* Focuses on federally mandated certification and accreditation requirements
* Author Laura Taylor's research on Certification and Accreditation has been used by the FDIC, the FBI, and the Whitehouse
* Full of vital information on compliance for both corporate and government IT Managers

Table of Contents

  • Acknowledgments

    Author

    Contributing Author

    Technical Editor

    Foreword

    Preface

    Chapter 1: What Is Certification and Accreditation?

    Chapter 2: Types of Certification and Accreditation

    Chapter 3: Understanding the Certification and Accreditation Process

    Chapter 4: Establishing a C&A Program

    Chapter 5: Developing a Certification Package

    Chapter 6: Preparing the Hardware and Software Inventory

    Chapter 7: Determining the Certification Level

    Chapter 8: Performing and Preparing the Self-Assessment

    Chapter 9: Addressing Security Awareness and Training Requirements

    Chapter 10: Addressing End-User Rules of Behavior

    Chapter 11: Addressing Incident Response

    Chapter 12: Performing the Security Tests and Evaluation

    Chapter 13: Conducting a Privacy Impact Assessment

    Chapter 14: Performing the Business Risk Assessment

    Chapter 15: Preparing the Business Impact Assessment

    Chapter 16: Developing the Contingency Plan

    Chapter 17: Performing a System Risk Assessment

    Chapter 18: Developing a Configuration Management Plan

    Chapter 19: Preparing the System Security Plan

    Chapter 20: Submitting the C&A Package

    Chapter 21: Evaluating the Certification Package for Accreditation

    Chapter 22: Addressing C&A Findings

    Chapter 23: Improving Your Federal Computer Security Report Card Scores

    Chapter 24: Resources

    FISMA

    OMB Circular A-130: Appendix III

    FIPS 199

    Index

Product details

  • No. of pages: 504
  • Language: English
  • Copyright: © Syngress 2006
  • Published: November 28, 2006
  • Imprint: Syngress
  • eBook ISBN: 9780080506531

About the Authors

Laura Taylor

Laura Taylor leads the technical development of FedRAMP, the U.S. government's initiative to apply the Federal Information Security Management Act to cloud computing. In 2006, Taylor's FISMA Certification and Accreditation Handbook was the first book published on FISMA. Taylor has contributed to four other books on information security and has authored hundreds of articles and white papers on infosec topics for a variety of web publications and magazines. Specializing in assisting federal agencies and private industry comply with computer security laws, Taylor is a thought leader on cyber security compliance. Taylor has led large technology migrations, developed enterprise wide information security programs, and has performed risk assessments and security audits for numerous financial institutions.

L. Taylor

Ratings and Reviews

Write a review

There are currently no reviews for "FISMA Certification and Accreditation Handbook"