FISMA and the Risk Management Framework

Author: Daniel R. Philpott
Publisher: Newnes
Total Pages: 585
Release: 2012-12-31
Genre: Computers
ISBN: 1597496421



FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security deals with the Federal Information Security Management Act (FISMA), a law that provides the framework for securing information systems and managing risk associated with information resources in federal government agencies. Comprised of 17 chapters, the book explains the FISMA legislation and its provisions, strengths and limitations, as well as the expectations and obligations of federal agencies subject to FISMA. It also discusses the processes and activities necessary to implement effective information security management following the passage of FISMA, and it describes the National Institute of Standards and Technology's Risk Management Framework. The book looks at how information assurance, risk management, and information systems security are practiced in federal government agencies; the three primary documents that make up the security authorization package: system security plan, security assessment report, and plan of action and milestones; and federal information security-management requirements and initiatives not explicitly covered by FISMA. This book will be helpful to security officers, risk managers, system owners, IT managers, contractors, consultants, service providers, and others involved in securing, managing, or overseeing federal information systems, as well as the mission functions and business processes supported by those systems. Learn how to build a robust, near real-time risk management system and comply with FISMA. Discover the changes to FISMA compliance and beyond. Gain your systems the authorization they need.

Federal Information Security Issues

Author: Gregory C. Wilshusen
Publisher: DIANE Publishing
Total Pages: 7
Release: 2010-08
Genre: Computers
ISBN: 1437918638



Addresses additional questions arising from the May 19, 2009, hearing on federal information security held by the Subcommittee on Government Management, Organization, and Procurement. In that hearing, there was a discussion on the current state of information security throughout the federal government and agency efforts to comply with the requirements of the Federal Information Security Management Act of 2002 (FISMA). Congress had the following two questions: (1) Comment on the need for improved cyber security relating to S.773, the proposed Cybersecurity Act of 2009; and (2) Provide recommendations to improve the Federal Information Security Management Act. This report provides the responses.

Cyber security

Author: United States. Congress. House. Committee on Government Reform. Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census
Publisher:
Total Pages: 186
Release: 2004
Genre: Computers
ISBN:



Information Security in the Federal Government

Author: United States. Congress. House. Committee on Government Reform. Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census
Publisher:
Total Pages: 214
Release: 2004
Genre: Computers
ISBN:



Minimum Security Requirements for Federal Information and Information Systems

Author:
Publisher: DIANE Publishing
Total Pages: 17
Release: 2009-05
Genre: Computers
ISBN: 1437912702



The E-Government Act, passed by the 107th Congress and signed into law by the Pres. in Dec. 2002, recognized the importance of info. security to the economic and nat. security interests of the U.S. Title III of the Act, entitled the Fed. Info. Security Mgmt. Act (FISMA), emphasizes the need for each fed. agency to develop, document, and implement an enterprise-wide program to provide info. security for the info. systems that support the operations of the agency. FISMA directed the promulgation of fed. standards for: (1) the security categorization of fed. info. and info. systems based on the objectives of providing appropriate levels of info. security; and (2) minimum security requirements for info. and info. systems in each such category.

H.R. 3844, the Federal Information Security Management Act of 2002

Author: United States. Congress. House. Committee on Government Reform. Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations
Publisher:
Total Pages: 188
Release: 2003
Genre: Computers
ISBN:



The Federal Information Security Management Act (FISMA)

Author: Craig W. Hiltz
Publisher: William S. Hein
Total Pages: 62
Release: 2013-01-01
Genre: Computers
ISBN: 9780837738888



FISMA was enacted in 2002 to increase national security following the events of 9/11. The Act establishes a matrix of responsibilities across every federal agency to establish security when acquiring information technology. The purpose of this research guide is to aid legal researchers in locating and navigating the best resources to understand the obligations under this Act, process and regulations that must be followed through the acquisition and management of information technology, and the performance and attestation requirements to ensure compliance. The first part of the guide will focus on the newer Act, FISMA, and resources to research it directly. The later portions of the guide will look more broadly at inter-related resources that will be necessary for your research.--Publisher.

Federal Information Security Management Act

Author: Office of Management and Budget
Publisher: CreateSpace
Total Pages: 100
Release: 2015-02-27
Genre: Political Science
ISBN: 9781508768135



As cyber threats continue to evolve, the Federal Government is embarking on a number of initiatives to protect Federal information and assets and improve the resilience of Federal networks. OMB, in coordination with its partners at the National Security Council (NSC), the Department of Homeland Security (DHS), and other agencies, helps drive these efforts in its role overseeing the implementation of programs to combat cyber vulnerabilities and threats to Federal systems. Today, as required by the Federal Information Security Management Act of 2002 (FISMA), OMB is sending to Congress the annual report that tracks the progress of our efforts while also identifying areas of needed improvement. Agencies take a number of actions to protect government networks and information, implementing tools and policies in order to mitigate potential risks. The fiscal year (FY) 2014 FISMA report provides metrics on Federal cybersecurity incidents, the efforts being undertaken to mitigate them and prevent future incidents, and agency progress in implementing cybersecurity policies and programs to protect their networks. FY 2014 proved to be a year of continued progress toward the Administration's Cybersecurity Cross Agency Priority (CAP) Goal, which requires agencies to “Know Your Network” (Information Security Continuous Monitoring), “Know Your Users” (Strong Authentication), and “Know Your Traffic” (Trusted Internet Connection Consolidation and Capabilities).

FISMA Compliance Handbook

Author: Laura P. Taylor
Publisher: Newnes
Total Pages: 380
Release: 2013-08-20
Genre: Computers
ISBN: 0124059155



This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed. This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment. Various topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take in regard to vulnerabilities and audit findings. FISMA Compliance Handbook Second Edition also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government’s technical lead for FedRAMP, the government program used to assess and authorize cloud products and services. Includes new information on cloud computing compliance from Laura Taylor, the federal government’s technical lead for FedRAMP. Includes coverage for both corporate and government IT managers. Learn how to prepare for, perform, and document FISMA compliance projects. This book is used by various colleges and universities in information security and MBA curriculums.

Federal Information System Controls Audit Manual (FISCAM)

Author: Robert F. Dacey
Publisher: DIANE Publishing
Total Pages: 601
Release: 2010-11
Genre: Business & Economics
ISBN: 1437914063



FISCAM presents a methodology for performing info. system (IS) control audits of governmental entities in accordance with professional standards. FISCAM is designed to be used on financial and performance audits and attestation engagements. The methodology in the FISCAM incorp. the following: (1) A top-down, risk-based approach that considers materiality and significance in determining audit procedures; (2) Evaluation of entitywide controls and their effect on audit risk; (3) Evaluation of general controls and their pervasive impact on bus. process controls; (4) Evaluation of security mgmt. at all levels; (5) Control hierarchy to evaluate IS control weaknesses; (6) Groupings of control categories consistent with the nature of the risk. Illus.