FISMA Compliance Handbook, 1st Edition

  • ISBN-10: 0124059155
  • ISBN-13: 9780124059153
  • DDC: 342.73
  • Grade Level Range: College Freshman - College Senior
  • 350 Pages | eBook
  • Original Copyright 2013 | Published/Released May 2014
  • This publication's content originally published in print form: 2013

This comprehensive book instructs IT managers on how to adhere to federally mandated compliance requirements. FISMA Compliance Handbook Second Edition explains what the requirements for FISMA compliance are and why FISMA compliance is mandated by federal law. The evolution of Certification and Accreditation is discussed. This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA-compliant security assessment. Topics discussed in this book include the NIST Risk Management Framework, how to characterize the sensitivity level of your system, contingency planning, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an Authority to Operate for an information system and what actions to take with regard to vulnerabilities and audit findings. FISMA Compliance Handbook Second Edition also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government's technical lead for FedRAMP, the government program used to assess and authorize cloud products and services.

Table of Contents

Front Cover.
Half Title Page.
Title Page.
Copyright Page.
Author Acknowledgments.
About the Author.
1: FISMA Compliance Overview.
2: FISMA Trickles into the Private Sector.
3: FISMA Compliance Methodologies.
4: Understanding the FISMA Compliance Process.
5: Establishing a FISMA Compliance Program.
6: Getting Started on Your FISMA Project.
7: Preparing the Hardware and Software Inventory.
8: Categorizing Data Sensitivity.
9: Addressing Security Awareness and Training.
10: Addressing Rules of Behavior.
11: Developing an Incident Response Plan.
12: Conducting a Privacy Impact Assessment.
13: Preparing the Business Impact Analysis.
14: Developing the Contingency Plan.
15: Developing a Configuration Management Plan.
16: Preparing the System Security Plan.
17: Performing the Business Risk Assessment.
18: Getting Ready for Security Testing.
19: Submitting the Security Package.
20: Independent Assessor Audit Guide.
21: Developing the Security Assessment Report.
22: Addressing FISMA Findings.
23: FedRAMP: FISMA for the Cloud.
Appendix A: FISMA.
Appendix B: OMB Circular A-130 Appendix III.
Appendix C: FIPS 199.