CHAPTER 13: THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)

That depends on how an agency goes about doing its work. FISMA has put together a framework, but if [an agency] does it just for compliance, then it’s purely a paperwork exercise.108

Karen Evans, Office of Management and Budget

In this chapter:

The e-Government Act of 2002
FISMA report card
What FISMA is NOT – FISMA misunderstood
FISMA and its achievements
10 questions for FISMA compliance

108 Gauthem Naugesh, “Feds Losing War on Information Security,” Government Executive.com, 13 March 2008.

We can truly say that an “A” on the FISMA scorecard does not always mean you are a more secure agency – but it is a start. When we started in C&A in the civilian federal agencies ...
