August 2013
Intermediate to advanced
350 pages
10h 52m
English
FISMA compliance for a system is achieved by the successful execution of a project-oriented process. NIST defines the system development process in five steps: (1) system initiation, (2) development and acquisition, (3) implementation, (4) operation and maintenance, and (5) disposal. The NIST Risk Management Framework (RMF) identifies six steps: (1) categorize, (2) select, (3) implement, (4) assess, (5) authorize, and (6) monitor. The six steps provide a disciplined and structured approach for integrating information security and risk management activities into the system development life cycle.
A key dimension of this integrated approach is a set of well-defined roles and responsibilities. ...