FISMA and the Risk Management Framework: The New Practice of Federal
Cyber Security deals with the Federal Information Security Management
Act (FISMA), a law that provides the framework for securing information
systems and managing risk associated with information resources in
federal government agencies. Comprised of 17 chapters, the book explains
the FISMA legislation and its provisions, strengths and limitations, as
well as the expectations and obligations of federal agencies subject to
FISMA. It also discusses the processes and activities necessary to
implement effective information security management following the
passage of FISMA, and it describes the National Institute of Standards
and Technology's Risk Management Framework. The book looks at how
information assurance, risk management, and information systems security
is practiced in federal government agencies; the three primary documents
that make up the security authorization package: system security plan,
security assessment report, and plan of action and milestones; and
federal information security-management requirements and initiatives not
explicitly covered by FISMA. This book will be helpful to security
officers, risk managers, system owners, IT managers, contractors,
consultants, service providers, and others involved in securing,
managing, or overseeing federal information systems, as well as the
mission functions and business processes supported by those systems.
