Chapter 5
Applying the NIST Risk Management Framework
Information in this chapter:
• Introduction to FISMA
• Risk Management Framework Overview
• NIST RMF Process
Introduction to FISMA
The Federal Information Security Management Act (FISMA) was signed into law on December 17, 2002 as part of the E-Government Act of 2002 (Public Law 107-347). FISMA permanently reauthorized the framework laid out in the Government Information Security Reform Act (GISRA) of 2000,1 which expired in November 2002 [1]. FISMA is divided into multiple sections, each of which will be briefly described in this section.
Purpose
FISMA was built upon several existing federal laws designed to ensure the security of federal information and information systems. These federal ...
Get Federal Cloud Computing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.