Chapter 5

Establishing a FISMA Compliance Program

Abstract

While system certification and authorization is an important part of FISMA, agencies are also required to establish an overarching Information Security Program. The Information Security Program includes security policies, procedures, requirements, guidelines, and all supporting documentation. A FISMA compliance handbook becomes the guide for authorizing or reauthorizing an agency’s information systems. The handbook describes how the agency addresses information security controls at each stage of the system development life cycle. It helps establish a standardized security assessment process—a process that reinforces the major security controls. The compliance program and handbook should ...

Get FISMA Compliance Handbook now with the O’Reilly learning platform.