If you work outside of the Federal Government space, you likely have not heard of FISMA. For the uninitiated, FISMA is the Federal Information Security Management Act. It was enacted in 2002 as part of the E-Government Act, and it gave the government a major push to take information security seriously. After years in which agencies had done very little, FISMA was meant to establish a common security model throughout the government.

FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.  In other words, it is a huge cash cow for Washington, DC consultants.

In the FISMA Compliance Handbook, author Laura Taylor provides a high-level overview of the FISMA process. As someone who headed the technical development of FedRAMP, the government-wide program for applying FISMA security requirements to cloud services, Taylor brings a unique perspective to the book. Her experience and the advice in the book make it an invaluable reference for anyone trying to tame that monstrosity called FISMA.

FISMA is certainly much more than any one book can cover. But for those looking for an initial understanding of how to get a handle on FISMA compliance, the FISMA Compliance Handbook is a great resource.