Académique Documents
Professionnel Documents
Culture Documents
Information Systems
A Strategy for Effectively Applying the Provisions of
FISMA
Ron Ross
Project Manager
FISMA Implementation Project
ron.ross@nist.gov
OWAS 301.975.5390
P
AppSe
c
This is a work of the U.S. Government and is not subject to
copyright protection in the United States.
DC
October
2005 The OWASP
http://www.owasp.org/
Foundation
The Information Age
Connectivity
Complexity
Determining the risk to the first Determining the risk to the second
organization’s operations and assets and organization’s operations and assets and
the acceptability of such risk the acceptability of such risk
The loss of availability could The loss of availability could The loss of availability could
be expected to have a be expected to have a be expected to have a
Availability limited adverse effect on
organizational operations,
serious adverse effect on
organizational operations,
severe or catastrophic
adverse effect on
organizational assets, or organizational assets, or organizational operations,
individuals. individuals. organizational assets, or
individuals.
The loss of availability could The loss of availability could The loss of availability could
be expected to have a be expected to have a be expected to have a
Availability limited adverse effect on
organizational operations,
serious adverse effect on
organizational operations,
severe or catastrophic
adverse effect on
organizational assets, or organizational assets, or organizational operations,
individuals. individuals. organizational assets, or
individuals.
Access Control
Awareness and Training
Audit and Accountability
Certification, Accreditation, and
Security Assessments
Configuration Management
Contingency Planning
Personnel Security
Risk Assessment
System and Information Integrity
System Acquisition
System and Communications
Protection
Operating Systems
Middleware
Network Components
Applications
Physical Devices
Question
How does the family of FISMA-related
publications fit into an
organization’s
information security program?
Answer
NIST publications in the FISMA-related
series provide security standards and
guidelines that support an enterprise-
wide
risk management process and are an
integral part of an agency’s overall
information security program.