Getting Ready for Security Testing
Abstract
FISMA requires that all system security controls undergo testing. Testing the security controls should be planned in advance and should be performed by an independent third-party assessor. All components of the system that will be tested should be described in the Security Assessment Plan. A Security Assessment Plan should include a Rules of Engagement (RoE). RoE is a document designed to describe proper notifications and disclosures between the owner of a tested system and an independent assessor.
Keywords
SP 800-53A; Security testing; Independent assessor; Third party; Rules of Engagement; RoE; Limitation of Liability; Testing; ST&E; Security Testing and Evaluation
Distrust and caution are the ...
Get FISMA Compliance Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.