FISMA Compliance Handbook: Second Edition
This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed.
This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment.
Various topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take in regards to vulnerabilities and audit findings.
FISMA Compliance Handbook Second Edition, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government’s technical lead for FedRAMP, the government program used to assess and authorize cloud products and services.
What people are saying - Write a review
Understanding the FISMA Compliance Process
Establishing a FISMA Compliance Program
Getting Started on Your FISMA Project
Preparing the Hardware and Software Inventory
Categorizing Data Sensitivity
Developing a Configuration Management Plan
Preparing the System Security Plan
Performing the Business Risk Assessment
Getting Ready for Security Testing
Submitting the Security Package
Independent Assessor Audit Guide
Developing the Security Assessment Report
Addressing FISMA Findings
Addressing Security Awareness and Training
Addressing Rules of Behavior
Developing an Incident Response Plan
Conducting a Privacy Impact Assessment
Preparing the Business Impact Analysis
Developing the Contingency Plan