Abstract

The Federal Information Security Management Act (FISMA) of 2002 places significant requirements on federal agencies for the protection of information and information systems, and places significant requirements on the National Institute of Standards and Technology (NIST) to assist federal agencies in complying with FISMA. In response to this important legislation, NIST is leading the development of key information system security standards and guidelines as part of its FISMA Implementation Project (http://csrc.nist.gov/sec-cert/index.html). This high-priority project includes the development of security categorization standards; standards and guidelines for the specification, selection, and testing of security controls for information systems; guidelines for the certification review and accreditation of information systems; and guidelines for the continuous monitoring of controls to ensure they continue to operate as intended. This paper includes a discussion of NIST's FISMA risk management framework (RMF) and the suite of related standards and guidelines being developed by NIST to help federal agencies comply with FISMA requirements (i.e., the FISMA suite of documents). In addition, the paper discusses how agency systems will benefit from applying the FISMA RMF and why the FISMA RMF and the related suite of standards and guidelines should be of interest to other government sectors (e.g., DoD) and to the commercial sector.
