What is FISMA? Part II.

This is a continuation of the previous article, “What is FISMA?“.

Implement - At this stage, security controls are implemented. This requires taking all of the information in the previous steps and applying them in a practical manner to the information systems. For example, if a system was given a security of categorization of Low from the Categorize step, the Low set of controls from NIST 800-53 would be implemented. In addition, any supplemental controls that management deemed necessary, would also be implemented. Read more

What is FISMA?

The Federal Information Security Management Act (FISMA) is part of the E-Government Act, which became a law in December 2002.  Title III of the E-Government Act is FISMA.  FISMA basically requires all government agencies to perform a Risk Based methodology on all information systems run by agencies and their contractors. Read more

Certification and Accreditation

Certification and Accreditation is a term used within the federal government sector to identify the process to compliance with the Federal Information Systems Management Act (FISMA). The public, Department of Defense, Health Care Providers, Legal, and Financial sectors require similar “Certification” processes. Regardless, the outcome of each of the “Audit” processes is; Security certification and accreditation are important activities that support a risk management process and are an integral part of an agency’s information security program. First, let’s explore the meaning: Read more

Access Controls

What are Access Controls? Access Controls provide the ability to control allowance of the use of an object by an entity. For example, a locked door denies the ability of a person to enter a house. The proper key would unlock the door then allow a person to enter the house through the door. Read more

• Categories

  • Access Control
  • Certification and Accreditation
  • FISMA
  • Security

• Tags

  Access Controls Accreditation Certification DIACAP E-Government Act FISMA GLBA HIPAA NIST Sarbanes Oxley Security

• Calendar

  August 2008

  S	M	T	W	T	F	S
  « Jun
  					1	2
  3	4	5	6	7	8	9
  10	11	12	13	14	15	16
  17	18	19	20	21	22	23
  24	25	26	27	28	29	30
  31

• Company Links

  • Aviel
  • CSCI
  • NGS

• Security Links

  • CCCure.org
  • CIS
  • DISA STIGs
  • NIST SP800
  • Nmap
  • Security Tools
  • Wireshark

• Recent Posts

  • What is FISMA? Part II.
  • What is FISMA?
  • Certification and Accreditation
  • Access Controls

• Recent Comments

  • What is FISMA? Part II. : CSCI Security Blog on What is FISMA?
  • Jeremy’s Brain Dump » FISMA on What is FISMA?
  • Jeremy’s Brain Dump » Access Controls Article on Access Controls

• Subscribe through Feedburner

  • 
  • 
  • 
  • 

• US CERT High Risk Activity

  • SSH Key-based Attacks August 27th 2008
  • Microsoft Revised Security Bulletin MS08-051 August 25th 2008
  • Red Hat Releases OpenSSH Security Update August 25th 2008
  • Malware Circulating via Russia/Georgia Conflict Spam Messages August 21st 2008
  • Opera Releases Version 9.52 August 21st 2008
  • Webex Meeting Manager ActiveX Control Vulnerability August 18th 2008
  • Joomla! Password Reset Vulnerability August 14th 2008
  • Apple MobileMe Phishing Scam August 13th 2008
  • Microsoft Releases August Security Bulletin August 12th 2008
  • Microsoft Releases Advanced Notification for August Security Bulletin August 7th 2008