Book description
This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed.
This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment.
Topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency planning, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take with regard to vulnerabilities and audit findings.
FISMA Compliance Handbook Second Edition also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government’s technical lead for FedRAMP, the government program used to assess and authorize cloud products and services.
- Includes new information on cloud computing compliance from Laura Taylor, the federal government’s technical lead for FedRAMP
- Includes coverage for both corporate and government IT managers
- Learn how to prepare for, perform, and document FISMA compliance projects
- This book is used by various colleges and universities in information security and MBA curriculums
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Dedication
- About the Author
- Foreword
- Chapter 1. FISMA Compliance Overview
- Chapter 2. FISMA Trickles into the Private Sector
- Chapter 3. FISMA Compliance Methodologies
  - Abstract
  - Topics in this chapter
  - Introduction
  - The NIST risk management framework (RMF)
  - Defense information assurance C&A process (DIACAP)
  - Department of defense (DoD) risk management framework (RMF)
  - ICD 503 and DCID 6/3
  - The common denominator of FISMA compliance methodologies
  - FISMA compliance for private enterprises
  - Legacy methodologies
  - Summary
  - Notes
- Chapter 4. Understanding the FISMA Compliance Process
- Chapter 5. Establishing a FISMA Compliance Program
- Chapter 6. Getting Started on Your FISMA Project
- Chapter 7. Preparing the Hardware and Software Inventory
- Chapter 8. Categorizing Data Sensitivity
- Chapter 9. Addressing Security Awareness and Training
  - Abstract
  - Topics in this chapter
  - Introduction and authorities
  - Purpose of security awareness and training
  - Elements of the security awareness and training plan
  - Specialized security training
  - Security awareness
  - The awareness and training message
  - Security awareness and training checklist
  - Security awareness course evaluation
  - Summary
  - Reference
- Chapter 10. Addressing Rules of Behavior
- Chapter 11. Developing an Incident Response Plan
  - Abstract
  - Topics in this chapter
  - Introduction
  - Purpose and applicability
  - Policies, procedures, and guidelines
  - Reporting framework
  - Roles and responsibilities
  - Definitions
  - Incident handling
  - Forensic investigations
  - Incident types
  - Incident Response Plan checklist
  - Security Incident Reporting Form
  - Summary
  - Additional resources
  - Incident response organizations
  - Books on incident response
  - Articles and papers on incident response
- Chapter 12. Conducting a Privacy Impact Assessment
  - Abstract
  - Topics in this chapter
  - Introduction
  - Privacy laws, regulations, and rights
  - OMB Memoranda with privacy implications
  - Laws and regulations
  - When to conduct a PIA?
  - Questions for a privacy impact assessment
  - Personally identifiable information (PII)
  - Persistent tracking technologies
  - Decommissioning of PII
  - System of record notice (SORN)
  - Posting the privacy policy
  - PIA checklist
  - Summary
  - Books on privacy
  - References
- Chapter 13. Preparing the Business Impact Analysis
- Chapter 14. Developing the Contingency Plan
- Chapter 15. Developing a Configuration Management Plan
  - Abstract
  - Topics in this chapter
  - Introduction
  - Establish definitions
  - Describe assets controlled by the plan
  - Describe the configuration management system
  - Define roles and responsibilities
  - Describe baselines
  - Change control process
  - Configuration management audit
  - Configuration and change management tools
  - Configuration Management Plan checklist
  - Summary
  - Additional resources
- Chapter 16. Preparing the System Security Plan
- Chapter 17. Performing the Business Risk Assessment
  - Abstract
  - Topics in this chapter
  - Introduction
  - Determine the mission
  - Create a mission map
  - Construct risk statements
  - Describe the sensitivity model
  - Quantitative risk assessment
  - Qualitative versus quantitative risk assessment
  - Make an informed decision
  - Summary
  - Books and articles on risk assessment
  - References
- Chapter 18. Getting Ready for Security Testing
- Chapter 19. Submitting the Security Package
- Chapter 20. Independent Assessor Audit Guide
  - Abstract
  - Topics in this chapter
  - Introduction
  - Test against the System’s security control baseline
  - How does confidentiality, integrity, and availability fit in?
  - Manual and automated testing
  - Security testing tools
  - Infrastructure scanners
  - Evaluations by Inspector Generals
  - Evaluations by the Government Accountability Office
  - Summary
- Chapter 21. Developing the Security Assessment Report
- Chapter 22. Addressing FISMA Findings
- Chapter 23. FedRAMP: FISMA for the Cloud
- Appendix A. FISMA
- Appendix B. OMB Circular A-130 Appendix III
- Appendix C. FIPS 199
- Index
Product information
- Title: FISMA Compliance Handbook
- Author(s):
- Release date: August 2013
- Publisher(s): Syngress
- ISBN: 9780124059153