
FISMA compliance handbook / Laura P. Taylor ; Patricia Moulder, technical editor.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Taylor, Laura P.
Contributor:
Moulder, Patricia, editor of compilation.
Series:
Gale eBooks
Language:
English
Subjects (All):
United States. Federal Information Security Management Act of 2002.
United States.
Electronic government information--Security measures--United States.
Electronic government information.
Computer security--Law and legislation--United States.
Computer security.
Data protection--Law and legislation--United States.
Data protection.
Physical Description:
1 online resource (xx, 359 pages) : illustrations (some color)
Edition:
2nd ed.
Other Title:
Federal Information Security Management Act of 2002 compliance handbook
Federal Information Security Management Act of 2002
Place of Publication:
Amsterdam ; Boston : Syngress, an imprint of Elsevier, 2013.
Waltham, MA : Syngress, 2013.
Language Note:
English
System Details:
text file
Summary:
This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed. This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FI
Contents:
Front Cover; FISMA Compliance Handbook; Copyright; Contents; Dedication; Author Acknowledgments; About the Author; Foreword; Chapter 1: FISMA Compliance Overview; Introduction; Terminology; Processes and paperwork; Templates streamline the process; FISMA oversight and governance; Supporting government security regulations; Summary; References; Chapter 2: FISMA Trickles into the Private Sector; Introduction and authorities; Inspector general reports; What should NGOs do regarding FISMA?; FISMA compliance tools; Summary; Chapter 3: FISMA Compliance Methodologies; Introduction
The NIST risk management framework (RMF); Defense information assurance C&A process (DIACAP); Department of Defense (DoD) risk management framework (RMF); ICD 503 and DCID 6/3; The common denominator of FISMA compliance methodologies; FISMA compliance for private enterprises; Legacy methodologies; NIACAP (National Information Assurance Certification and Accreditation Process); DITSCAP (Defense Information Technology Security Certification and Accreditation Process); JAFAN 6/3; Summary; Notes; Chapter 4: Understanding the FISMA Compliance Process; Introduction; Recognizing the need for FISMA compliance
Roles and responsibilities; Chief Information Officer; Authorizing official; Senior Information Security Officer; Senior Agency Privacy Official; Independent assessor team; System owner; Information owner; Information System Security Officer; Document preparation team; Agency inspectors; GAO inspectors; Levels of audit; Stepping through the process; Step 1: Categorize; Step 2: Select; Step 3: Implement; Step 4: Assess; Step 5: Authorize; Step 6: Monitor; FISMA project management; Summary; Chapter 5: Establishing a FISMA Compliance Program; Introduction; Compliance handbook development
What to include in your handbook; Who should write the handbook?; Create a standardized security assessment process; Provide package delivery instructions; Authority and endorsement; Improve your compliance program each year; Problems of not having a compliance program; Missing information; Organizational challenges; Inconsistencies in the assessment process; Unknown security architecture and configuration; Unknown risks; Summary; Chapter 6: Getting Started on Your FISMA Project; Introduction; Initiate your project; Put together a contact list; Hold a kick-off meeting
Obtain any existing agency guidelines; Analyze your research; Develop the documents; It's okay to be redundant; Different agencies have different requirements; Include multiple applications and components in one package; Verify your information; Retain your ethics; Summary; Chapter 7: Preparing the Hardware and Software Inventory; Introduction; Determining the system boundaries; Collecting the inventory information; Structure of inventory information; Delivery of inventory document; Summary; Chapter 8: Categorizing Data Sensitivity; Introduction; Heed this warning before you start
Confidentiality, integrity, and availability
Notes:
"Patricia Moulder, Technical Editor".
Includes bibliographical references and index.
ISBN:
9780124059153
0124059155
OCLC:
859162818
