This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed.
This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment.
Various topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take in regards to vulnerabilities and audit findings.
FISMA Compliance Handbook Second Edition, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government's technical lead for FedRAMP, the government program used to assess and authorize cloud products and services.
Auflage
Sprache
Verlagsort
Zielgruppe
Für Beruf und Forschung
Information Security professionals of all levels, systems administrators, information technology leaders, network administrators, information auditors, security managers, and an academic audience among information assurance majors.
Produkt-Hinweis
Broschur/Paperback
Klebebindung
Illustrationen
40 illustrations; Illustrations
Maße
Höhe: 233 mm
Breite: 189 mm
Dicke: 30 mm
Gewicht
ISBN-13
978-0-12-405871-2 (9780124058712)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Klassifikation
Laura Taylor leads the technical development of FedRAMP, the U.S. government's initiative to apply the Federal Information Security Management Act to cloud computing. In 2006, Taylor's FISMA Certification and Accreditation Handbook was the first book published on FISMA. Taylor has contributed to four other books on information security and has authored hundreds of articles and white papers on infosec topics for a variety of web publications and magazines. Specializing in assisting federal agencies and private industry comply with computer security laws, Taylor is a thought leader on cyber security compliance. Taylor has led large technology migrations, developed enterprise wide information security programs, and has performed risk assessments and security audits for numerous financial institutions.
1: What Is Certification and Accreditation?
2 FISMA Trickles into the Private Sector
3: FISMA Compliance Methodologies
4: Understanding the FISMA Compliance Process
5: Establishing a FISMA Compliance Program
6: FISMA Compliance Project Management
7: Preparing the Hardware and Software Inventory
8: Determining the Information Sensitivity Level
9: Addressing Security Awareness and Training Requirements
10: Addressing End-User Rules of Behavior
11: Addressing Incident Response
12: Performing Security Testing
13: Conducting a Privacy Impact Assessment
14: Performing the Business Impact Analysis
15: Developing the Contingency Plan
16: Preparing the Security Assessment Report
17: Developing a Configuration Management Plan
18: Preparing the System Security Plan
19: Before Submitting Your Documents
20: Evaluating the Security Assessment Package for Authorization
21: Addressing Compliance Findings
22: FedRAMP and Cloud Computing
