FISMA

CISSP

FISMA (Federal Information Security Management Act) is a key legislative driver for information security in federal agencies. Here’s a breakdown of its phases:

  1. Phase 1: Categorizing, Selecting Minimum Controls, and Assessment
    • Categorizing: Identify and categorize information systems based on the impact of a security breach (low, moderate, high). This helps in determining the necessary security controls.
    • Selecting Minimum Controls: Based on the categorization, select the appropriate minimum security controls from standards like those set by NIST (National Institute of Standards and Technology).
    • Assessment: Evaluate the effectiveness of the selected controls to ensure they are implemented properly and are working as intended.
  2. Phase 2: Creating a National Network of Secure Services
    • This phase involves establishing a framework or network to continually assess and enhance the security of federal systems. It focuses on creating and maintaining secure services across federal networks to improve overall security posture and ensure compliance with FISMA.

FISMA aims to improve the security of federal information systems through these structured phases, ensuring that agencies implement appropriate safeguards and regularly assess their effectiveness.
