FISMA Compliance Handbook


Posted by Ben Rothke

If you work outside of the Federal Government space, you likely have not heard of FISMA. For the uninitiated, FISMA is the Federal Information Security Management Act. It was enacted in 2002 as part of the E-Government Act and was a major impetus within the government regarding the importance of information security. After years in which the government had done very little, FISMA was meant as a way to establish a common security model throughout the government.

FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. In other words, it is a huge cash cow for Washington, DC consultants.


In the FISMA Compliance Handbook, author Laura Taylor provides a high-level overview of the FISMA process. As someone who headed the technical development of FedRAMP, the government's method for applying FISMA to cloud services, Taylor brings a unique perspective to the book. Her experience and the advice in the book make it an invaluable reference for anyone trying to tame that monstrosity called FISMA.

FISMA is certainly much more than this book covers. But for those looking to get an initial understanding of how to get a handle on FISMA compliance, the FISMA Compliance Handbook is a great resource to use.

ISBN 978-0124058712


Contributors
Ben Rothke

Senior Information Security Manager, Tapad


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
