
FISMA compliance handbook / Laura P. Taylor ; Patricia Moulder, Technical editor.

By: Laura P. Taylor
Contributor(s): Patricia Moulder, technical editor
Publisher: Waltham, MA : Syngress, [2013]
Edition: Second edition
Description: xx, 359 pages : illustrations ; 24 cm
Content type:
  • text
Media type:
  • unmediated
Carrier type:
  • volume
ISBN:
  • 9780124058712
  • 012405871X
Subject(s):
LOC classification:
  • KF4850.A3282002 A2 2013
Contents:
FISMA compliance overview -- FISMA trickles into the private sector -- FISMA compliance methodologies -- Understanding the FISMA compliance process -- Establishing a FISMA compliance program -- Getting started on your FISMA project -- Preparing the hardware and software inventory -- Categorizing data sensitivity -- Addressing security awareness and training -- Addressing rules of behavior -- Developing an incident response plan -- Conducting a privacy impact assessment -- Preparing the business impact analysis -- Developing the contingency plan -- Developing a configuration management plan -- Preparing the system security plan -- Performing the business risk assessment -- Getting ready for security testing -- Submitting the security package -- Independent assessor audit guide -- Developing the security assessment report -- Addressing FISMA findings -- FedRAMP : FISMA for the cloud.
Scope and content: "FISMA, also known as Title III of the E-Government Act (Public Law 107-347), requires that all systems and applications that reside on U.S. government networks undergo a formal security assessment before being put into production. System authorization is the ultimate output of a FISMA compliance project, and a system or application cannot be authorized unless it meets specific security control requirements. However, keep in mind that no system can be completely secure - unless it is powered off and locked in a vault. Of course then it is not very useable. Determining the security controls for the system is a balancing act between making the system useable and making the system secure. These two endeavors are often at odds with each other. In order to find the balance, security experts analyze the probability and impact of potential vulnerabilities being exploited (or not) and then make risk-based decisions based on the analysis. Clearly the goal of FISMA is to force federal agencies to put into production secure systems and applications. Once put into production, FISMA requires that system owners analyze risk periodically on the production system in order to find vulnerabilities, and fix them, before they are exploited by adversaries"-- Provided by publisher.
Holdings:
  • Item type: BOOK
  • Current library: NCAR Library Mesa Lab
  • Call number: KF4850 .A3282 .A2 2013
  • Copy number: 1
  • Status: Checked out
  • Date due: 07/01/2024
  • Barcode: 50583020005801
Total holds: 0


Includes bibliographical references and index.

