Description

This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed.

This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment.

Various topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take in regards to vulnerabilities and audit findings.

FISMA Compliance Handbook Second Edition, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government’s technical lead for FedRAMP, the government program used to assess and authorize cloud products and services.

Key Features

  • Includes new information on cloud computing compliance from Laura Taylor, the federal government’s technical lead for FedRAMP
  • Includes coverage for both corporate and government IT managers
  • Learn how to prepare for, perform, and document FISMA compliance projects
  • This book is used by various colleges and universities in information security and MBA curriculums.

Readership

Information Security professionals of all levels, systems administrators, information technology leaders, network administrators, information auditors, security managers, and an academic audience among information assurance majors.

Table of Contents

Dedication

Author Acknowledgments

About the Author

Foreword

Chapter 1. FISMA Compliance Overview

Abstract

Topics in this chapter

Introduction

Terminology

Processes and paperwork

Templates streamline the process

FISMA oversight and governance

Supporting government security regulations

Summary

References

Chapter 2. FISMA Trickles into the Private Sector

Abstract

Topics in this chapter

Introduction and authorities

Inspector General reports

What should NGOs do regarding FISMA?

FISMA compliance tools

Summary

Chapter 3. FISMA Compliance Methodologies

Abstract

Topics in this chapter

Introduction

The NIST risk management framework (RMF)

Defense information assurance C&A process (DIACAP)

Department of defense (DoD) risk management framework (RMF)

ICD 503 and DCID 6/3

The common denominator of FISMA compliance methodologies

FISMA compliance for private enterprises

Legacy methodologies

Summary

Notes

Chapter 4. Understanding the FISMA Compliance Process

Abstract

Topics in this chapter

Introduction

Recognizing the need for FISMA compliance

Roles and responsibilities

Stepping through the process

FISMA project management

Summary

Chapter 5. Establishing a FISMA Compliance Program

Abstract

Topics in this chapter

Introduction

Compliance handbook development

Create a standardized security assessment process

Provide package delivery instructions

Authority and endorsement

Improve your compliance program each year

Problems of not having a compliance program

Summary

Chapter 6. Getting Started on Your FISMA Project

Abstract

Top

Details

No. of pages:
350
Language:
English
Copyright:
© 2013
Published:
Imprint:
Syngress
Print ISBN:
9780124058712
Electronic ISBN:
9780124059153

About the author

Laura Taylor

Laura Taylor leads the technical development of FedRAMP, the U.S. government's initiative to apply the Federal Information Security Management Act to cloud computing. In 2006, Taylor's FISMA Certification and Accreditation Handbook was the first book published on FISMA. Taylor has contributed to four other books on information security and has authored hundreds of articles and white papers on infosec topics for a variety of web publications and magazines. Specializing in assisting federal agencies and private industry comply with computer security laws, Taylor is a thought leader on cyber security compliance. Taylor has led large technology migrations, developed enterprise wide information security programs, and has performed risk assessments and security audits for numerous financial institutions.