Establishing a FISMA Compliance Program
Abstract
While system certification and authorization is an important part of FISMA, agencies are also required to establish an overarching Information Security Program. The Information Security Program includes security policies, procedures, requirements, guidelines, and all supporting documentation. A FISMA compliance handbook becomes the guide for authorizing or reauthorizing an agency’s information systems. The handbook describes how the agency addresses information security controls at each stage of the system development life cycle. It helps establish a standardized security assessment process—a process that reinforces the major security controls. The compliance program and handbook should ...
Get FISMA Compliance Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.