FISMA Compliance Handbook: Second Edition

Front Cover
Newnes, Aug 20, 2013 - Computers - 350 pages

This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed.

This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment.

Various topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take in regards to vulnerabilities and audit findings.

FISMA Compliance Handbook Second Edition, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government’s technical lead for FedRAMP, the government program used to assess and authorize cloud products and services.

  • Includes new information on cloud computing compliance from Laura Taylor, the federal government’s technical lead for FedRAMP
  • Includes coverage for both corporate and government IT managers
  • Learn how to prepare for, perform, and document FISMA compliance projects
  • This book is used by various colleges and universities in information security and MBA curriculums
 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Contents

FISMA Compliance Overview
1
FISMA Trickles into the Private Sector
11
FISMA Compliance Methodologies
17
Understanding the FISMA Compliance Process
27
Establishing a FISMA Compliance Program
41
Getting Started on Your FISMA Project
49
Preparing the Hardware and Software Inventory
57
Categorizing Data Sensitivity
63
Developing a Configuration Management Plan
153
Preparing the System Security Plan
167
Performing the Business Risk Assessment
201
Getting Ready for Security Testing
221
Submitting the Security Package
231
Independent Assessor Audit Guide
239
Developing the Security Assessment Report
275
Addressing FISMA Findings
289

Addressing Security Awareness and Training
79
Addressing Rules of Behavior
87
Developing an Incident Response Plan
95
Conducting a Privacy Impact Assessment
117
Preparing the Business Impact Analysis
129
Developing the Contingency Plan
137
FedRAMP FISMA for the Cloud
295
FISMA
305
OMB Circular A130 Appendix III
323
FIPS 199
341
Index
353
Copyright

Other editions - View all

Common terms and phrases

About the author (2013)

Laura Taylor leads the technical development of FedRAMP, the U.S. government's initiative to apply the Federal Information Security Management Act to cloud computing. In 2006, Taylor's FISMA Certification and Accreditation Handbook was the first book published on FISMA. Taylor has contributed to four other books on information security and has authored hundreds of articles and white papers on infosec topics for a variety of web publications and magazines. Specializing in assisting federal agencies and private industry comply with computer security laws, Taylor is a thought leader on cyber security compliance. Taylor has led large technology migrations, developed enterprise wide information security programs, and has performed risk assessments and security audits for numerous financial institutions.

Bibliographic information