FISMA compliance handbook
This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditati...
Autor principal: | |
---|---|
Otros Autores: | |
Formato: | Libro electrónico |
Idioma: | Inglés |
Publicado: |
Amsterdam ; Boston :
Syngress, an imprint of Elsevier
2013.
Waltham, MA : 2013. |
Edición: | 2nd ed |
Colección: | Gale eBooks
|
Materias: | |
Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627908806719 |
Tabla de Contenidos:
- Front Cover; FISMA Compliance Handbook; Copyright; Contents; Dedication; Author Acknowledgments; About the Author; Foreword; Chapter 1: FISMA Compliance Overview; Introduction; Terminology; Processes and paperwork; Templates streamline the process; FISMA oversight and governance; Supporting government security regulations; Summary; References; Chapter 2: FISMA Trickles into the Private Sector; Introduction and authorities; Inspector general reports; What should NGOs do regarding FISMA?; FISMA compliance tools; Summary; Chapter 3: FISMA Compliance Methodologies; Introduction
- The NIST risk management framework (RMF)Defense information assurance C&A process (DIACAP); Department of defense (DoD) risk management framework (RMF); ICD 503 and DCID 6/3; The common denominator of FISMA compliance methodologies; FISMA compliance for private enterprises; Legacy methodologies; NIACAP (National Information Assurance Certification and Accreditation Process); DITSCAP (Defense Information Technology Certification and Accreditation Process); JAFAN 6/3; Summary; Notes; Chapter 4: Understanding the FISMA Compliance Process; Introduction; Recognizing the need for FISMA compliance
- Roles and responsibilitiesChief Information Officer; Authorizing official; Senior Information Security Officer; Senior Agency Privacy Official; Independent assessor team; System owner; Information owner; Information System Security Officer; Document preparation team; Agency inspectors; GAO inspectors; Levels of audit; Stepping through the process; Step 1: Categorize; Step 2: Select; Step 3: Implement; Step 4: Assess; Step 5: Authorize; Step 6: Monitor; FISMA project management; Summary; Chapter 5: Establishing a FISMA Compliance Program; Introduction; Compliance handbook development
- What to include in your handbookWho should write the handbook?; Create a standardized security assessment process; Provide package delivery instructions; Authority and endorsement; Improve your compliance program each year; Problems of not having a compliance program; Missing information; Organizational challenges; Inconsistencies in the assessment process; Unknown security architecture and configuration; Unknown risks; Summary; Chapter 6: Getting Started on Your FISMA Project; Introduction; Initiate your project; Put together a contact list; Hold a Kick-off Meeting
- Obtain any existing agency guidelinesAnalyze your research; Develop the documents; Its okay to be redundant; Different agencies have different requirements; Include multiple applications and components in one package; Verify your information; Retain your ethics; Summary; Chapter 7: Preparing the Hardware and Software Inventory; Introduction; Determining the system boundaries; Collecting the inventory information; Structure of inventory information; Delivery of inventory document; Summary; Chapter 8: Categorizing Data Sensitivity; Introduction; Heed this warning before you start
- Confidentiality, integrity, and availability